Making Snort Work with MySQL
If you are wondering about the structure of each table, you can display the
fields of any table. The following command shows the structure of the iphdr table:
mysql> describe iphdr;
+----------+----------------------+------+-----+---------+-------+
| Field    | Type                 | Null | Key | Default | Extra |
+----------+----------------------+------+-----+---------+-------+
| sid      | int(10) unsigned     |      | PRI | 0       |       |
| cid      | int(10) unsigned     |      | PRI | 0       |       |
| ip_src   | int(10) unsigned     |      | MUL | 0       |       |
| ip_dst   | int(10) unsigned     |      | MUL | 0       |       |
| ip_ver   | tinyint(3) unsigned  | YES  |     | NULL    |       |
| ip_hlen  | tinyint(3) unsigned  | YES  |     | NULL    |       |
| ip_tos   | tinyint(3) unsigned  | YES  |     | NULL    |       |
| ip_len   | smallint(5) unsigned | YES  |     | NULL    |       |
| ip_id    | smallint(5) unsigned | YES  |     | NULL    |       |
| ip_flags | tinyint(3) unsigned  | YES  |     | NULL    |       |
| ip_off   | smallint(5) unsigned | YES  |     | NULL    |       |
| ip_ttl   | tinyint(3) unsigned  | YES  |     | NULL    |       |
| ip_proto | tinyint(3) unsigned  |      |     | 0       |       |
| ip_csum  | smallint(5) unsigned | YES  |     | NULL    |       |
+----------+----------------------+------+-----+---------+-------+
14 rows in set (0.00 sec)
mysql>
For people who want to go into the details of how data is stored, the database
schema provides great information. You can view the complete database schema at
http://www.incident.org/snortdb/.
5.1.5.1 Creating Extra Tables
When you are using some other programs with the database and Snort to map service
numbers to service names, additional mapping information is needed. For example,
TCP port 23 is used for Telnet. However, the tcphdr table contains only the port number,
not the textual description. If you want to display source and destination ports as text,
such as "Telnet port" instead of "23", you need this information. Snort comes with an
additional script that adds more tables and populates them with this information. To create
these extra tables, get the snortdb-extra.zip file in the contrib directory and
unzip it. Use the following command to create the additional tables and add data to
them.
[root@laptop]# mysql -h localhost -u rr -p snort < contrib/snortdb-extra
Enter password:
[root@laptop]#
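The following is an added example, not taken from the book or from the Snort distribution. It shows how a port-to-name mapping table lets a query report "telnet" instead of 23, and how MySQL's INET_NTOA() decodes the integer ip_src and ip_dst columns shown in the describe output above. The scratch database snort_example, the port_names table and its columns, and the tcphdr column names tcp_sport and tcp_dport are assumptions; the tables created by the contrib script may be named and laid out differently.

```sql
-- Added example: scratch database so a real snort database is untouched.
CREATE DATABASE IF NOT EXISTS snort_example;
USE snort_example;

-- Subset of the iphdr columns from the describe output above.
CREATE TABLE iphdr (
  sid      INT UNSIGNED NOT NULL,
  cid      INT UNSIGNED NOT NULL,
  ip_src   INT UNSIGNED NOT NULL,
  ip_dst   INT UNSIGNED NOT NULL,
  ip_proto TINYINT UNSIGNED NOT NULL,
  PRIMARY KEY (sid, cid)
);

-- Assumed tcphdr layout: only port numbers are stored, no names.
CREATE TABLE tcphdr (
  sid       INT UNSIGNED NOT NULL,
  cid       INT UNSIGNED NOT NULL,
  tcp_sport SMALLINT UNSIGNED NOT NULL,
  tcp_dport SMALLINT UNSIGNED NOT NULL,
  PRIMARY KEY (sid, cid)
);

-- Hypothetical mapping table standing in for the extra tables.
CREATE TABLE port_names (
  port  SMALLINT UNSIGNED NOT NULL,
  proto TINYINT UNSIGNED NOT NULL,   -- IP protocol number, 6 = TCP
  name  VARCHAR(32) NOT NULL,
  PRIMARY KEY (port, proto)
);

-- Constructed sample rows (documentation address range 192.0.2.0/24).
INSERT INTO iphdr VALUES
  (1, 1, INET_ATON('192.0.2.10'), INET_ATON('192.0.2.20'), 6),
  (1, 2, INET_ATON('192.0.2.11'), INET_ATON('192.0.2.20'), 6);
INSERT INTO tcphdr VALUES (1, 1, 40112, 23), (1, 2, 40113, 8081);
INSERT INTO port_names VALUES (23, 6, 'telnet'), (80, 6, 'http');

-- Decode addresses and show the service name; unmapped ports stay numeric.
SELECT i.sid, i.cid,
       INET_NTOA(i.ip_src) AS src,
       INET_NTOA(i.ip_dst) AS dst,
       COALESCE(p.name, CAST(t.tcp_dport AS CHAR)) AS dst_service
FROM iphdr i
JOIN tcphdr t ON t.sid = i.sid AND t.cid = i.cid
LEFT JOIN port_names p ON p.port = t.tcp_dport AND p.proto = i.ip_proto
ORDER BY i.sid, i.cid;
```

The LEFT JOIN keeps alerts whose destination port has no entry in the mapping table, so missing mapping data never hides an event from the report.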