Chapter 5 Using Snort with MySQL
The command creates three tables: protocols, services, and flags. These tables
contain descriptive information for different protocols, services, and flags. The
script also populates the tables with data. A description of these tables is provided
in the snortdb extra script. The full list of tables now follows:
mysql> show tables;
+------------------+
| Tables_in_snort  |
+------------------+
| data             |
| detail           |
| encoding         |
| event            |
| flags            |
| icmphdr          |
| iphdr            |
| opt              |
| protocols        |
| reference        |
| reference_system |
| schema           |
| sensor           |
| services         |
| sig_class        |
| sig_reference    |
| signature        |
| tcphdr           |
| udphdr           |
+------------------+
19 rows in set (0.01 sec)
mysql>
There are now nineteen tables instead of sixteen. The services table is quite
large: it contains entries for 65535 services, for both TCP and UDP, and the total
number of rows in this table is 131072. Creating this table may take a few seconds
on the database server when you run the snortdb extra script.
5.1.5.2 Sample Entries in Snort Database Tables
To give you an idea of what type of entries are present in different tables in the
Snort database, let us select some items from the database and display them.
Following are some entries from table sig_class.