A.1 acid_ag

   
+----------+------------------+------+-----+---------+----------------+
| Field    | Type             | Null | Key | Default | Extra          |
+----------+------------------+------+-----+---------+----------------+
| ag_id    | int(10) unsigned |      | PRI | NULL    | auto_increment |
| ag_name  | varchar(40)      | YES  |     | NULL    |                |
| ag_desc  | text             | YES  |     | NULL    |                |
| ag_ctime | datetime         | YES  |     | NULL    |                |
| ag_ltime | datetime         | YES  |     | NULL    |                |
+----------+------------------+------+-----+---------+----------------+

A.1.1 acid_ag_alert

+--------+------------------+------+-----+---------+-------+
| Field  | Type             | Null | Key | Default | Extra |
+--------+------------------+------+-----+---------+-------+
| ag_id  | int(10) unsigned |      | PRI | 0       |       |
| ag_sid | int(10) unsigned |      | PRI | 0       |       |
| ag_cid | int(10) unsigned |      | PRI | 0       |       |
+--------+------------------+------+-----+---------+-------+

A.1.1.1 acid_event
+--------------+------------------+------+-----+---------------------+-------+
| Field        | Type             | Null | Key | Default             | Extra |
+--------------+------------------+------+-----+---------------------+-------+
| sid          | int(10) unsigned |      | PRI | 0                   |       |
| cid          | int(10) unsigned |      | PRI | 0                   |       |
| signature    | int(10) unsigned |      | MUL | 0                   |       |
| sig_name     | varchar(255)     | YES  | MUL | NULL                |       |
| sig_class_id | int(10) unsigned | YES  | MUL | NULL                |       |
| sig_priority | int(10) unsigned | YES  | MUL | NULL                |       |
| timestamp    | datetime         |      | MUL | 0000-00-00 00:00:00 |       |
| ip_src       | int(10) unsigned | YES  | MUL | NULL                |       |
| ip_dst       | int(10) unsigned | YES  | MUL | NULL                |       |
| ip_proto     | int(11)          | YES  | MUL | NULL                |       |
| layer4_sport | int(10) unsigned | YES  | MUL | NULL                |       |
| layer4_dport | int(10) unsigned | YES  | MUL | NULL                |       |
+--------------+------------------+------+-----+---------------------+-------+

A.1.1.2 acid_ip_cache
+---------------------+------------------+------+-----+---------+-------+
| Field               | Type             | Null | Key | Default | Extra |
+---------------------+------------------+------+-----+---------+-------+
| ipc_ip              | int(10) unsigned |      | PRI | 0       |       |
| ipc_fqdn            | varchar(50)      | YES  |     | NULL    |       |
| ipc_dns_timestamp   | datetime         | YES  |     | NULL    |       |
| ipc_whois           | text             | YES  |     | NULL    |       |
| ipc_whois_timestamp | datetime         | YES  |     | NULL    |       |
+---------------------+------------------+------+-----+---------+-------+

A.1.1.3 data
+--------------+------------------+------+-----+---------+-------+
| Field        | Type             | Null | Key | Default | Extra |
+--------------+------------------+------+-----+---------+-------+
| sid          | int(10) unsigned |      | PRI | 0       |       |
| cid          | int(10) unsigned |      | PRI | 0       |       |
| data_payload | text             | YES  |     | NULL    |       |
+--------------+------------------+------+-----+---------+-------+

A.1.1.4 detail
+-------------+---------------------+------+-----+---------+-------+
| Field       | Type                | Null | Key | Default | Extra |
+-------------+---------------------+------+-----+---------+-------+
| detail_type | tinyint(3) unsigned |      | PRI | 0       |       |
| detail_text | text                |      |     |         |       |
+-------------+---------------------+------+-----+---------+-------+

A.1.1.5 encoding
+---------------+---------------------+------+-----+---------+-------+
| Field         | Type                | Null | Key | Default | Extra |
+---------------+---------------------+------+-----+---------+-------+
| encoding_type | tinyint(3) unsigned |      | PRI | 0       |       |
| encoding_text | text                |      |     |         |       |
+---------------+---------------------+------+-----+---------+-------+

A.1.1.6 event
+-----------+------------------+------+-----+---------------------+-------+
| Field     | Type             | Null | Key | Default             | Extra |
+-----------+------------------+------+-----+---------------------+-------+
| sid       | int(10) unsigned |      | PRI | 0                   |       |
| cid       | int(10) unsigned |      | PRI | 0                   |       |
| signature | int(10) unsigned |      | MUL | 0                   |       |
| timestamp | datetime         |      | MUL | 0000-00-00 00:00:00 |       |
+-----------+------------------+------+-----+---------------------+-------+

A.1.1.7 icmphdr
+-----------+----------------------+------+-----+---------+-------+
| Field     | Type                 | Null | Key | Default | Extra |
+-----------+----------------------+------+-----+---------+-------+
| sid       | int(10) unsigned     |      | PRI | 0       |       |
| cid       | int(10) unsigned     |      | PRI | 0       |       |
| icmp_type | tinyint(3) unsigned  |      | MUL | 0       |       |
| icmp_code | tinyint(3) unsigned  |      |     | 0       |       |
| icmp_csum | smallint(5) unsigned | YES  |     | NULL    |       |
| icmp_id   | smallint(5) unsigned | YES  |     | NULL    |       |
| icmp_seq  | smallint(5) unsigned | YES  |     | NULL    |       |
+-----------+----------------------+------+-----+---------+-------+

A.1.1.8 iphdr
+----------+----------------------+------+-----+---------+-------+
| Field    | Type                 | Null | Key | Default | Extra |
+----------+----------------------+------+-----+---------+-------+
| sid      | int(10) unsigned     |      | PRI | 0       |       |
| cid      | int(10) unsigned     |      | PRI | 0       |       |
| ip_src   | int(10) unsigned     |      | MUL | 0       |       |
| ip_dst   | int(10) unsigned     |      | MUL | 0       |       |
| ip_ver   | tinyint(3) unsigned  | YES  |     | NULL    |       |
| ip_hlen  | tinyint(3) unsigned  | YES  |     | NULL    |       |
| ip_tos   | tinyint(3) unsigned  | YES  |     | NULL    |       |
| ip_len   | smallint(5) unsigned | YES  |     | NULL    |       |
| ip_id    | smallint(5) unsigned | YES  |     | NULL    |       |
| ip_flags | tinyint(3) unsigned  | YES  |     | NULL    |       |
| ip_off   | smallint(5) unsigned | YES  |     | NULL    |       |
| ip_ttl   | tinyint(3) unsigned  | YES  |     | NULL    |       |
| ip_proto | tinyint(3) unsigned  |      |     | 0       |       |
| ip_csum  | smallint(5) unsigned | YES  |     | NULL    |       |
+----------+----------------------+------+-----+---------+-------+

A.1.1.9 opt
+-----------+---------------------+------+-----+---------+-------+
| Field     | Type                | Null | Key | Default | Extra |
+-----------+---------------------+------+-----+---------+-------+
| sid       | int(10) unsigned    |      | PRI | 0       |       |
| cid       | int(10) unsigned    |      | PRI | 0       |       |
| optid     | int(10) unsigned    |      | PRI | 0       |       |
| opt_proto | tinyint(3) unsigned |      |     | 0       |       |
| opt_code  | tinyint(3) unsigned |      |     | 0       |       |
| opt_len   | smallint(6)         | YES  |     | NULL    |       |
| opt_data  | text                | YES  |     | NULL    |       |
+-----------+---------------------+------+-----+---------+-------+

A.1.1.10 reference
+---------------+------------------+------+-----+---------+----------------+
| Field         | Type             | Null | Key | Default | Extra          |
+---------------+------------------+------+-----+---------+----------------+
| ref_id        | int(10) unsigned |      | PRI | NULL    | auto_increment |
| ref_system_id | int(10) unsigned |      |     | 0       |                |
| ref_tag       | text             |      |     |         |                |
+---------------+------------------+------+-----+---------+----------------+

A.1.1.11 reference_system
+-----------------+------------------+------+-----+---------+----------------+
| Field           | Type             | Null | Key | Default | Extra          |
+-----------------+------------------+------+-----+---------+----------------+
| ref_system_id   | int(10) unsigned |      | PRI | NULL    | auto_increment |
| ref_system_name | varchar(20)      | YES  |     | NULL    |                |
+-----------------+------------------+------+-----+---------+----------------+

A.1.1.12 schema
+-------+------------------+------+-----+---------------------+-------+
| Field | Type             | Null | Key | Default             | Extra |
+-------+------------------+------+-----+---------------------+-------+
| vseq  | int(10) unsigned |      | PRI | 0                   |       |
| ctime | datetime         |      |     | 0000-00-00 00:00:00 |       |
+-------+------------------+------+-----+---------------------+-------+

A.1.1.13 sensor
+-----------+------------------+------+-----+---------+----------------+
| Field     | Type             | Null | Key | Default | Extra          |
+-----------+------------------+------+-----+---------+----------------+
| sid       | int(10) unsigned |      | PRI | NULL    | auto_increment |
| hostname  | text             | YES  |     | NULL    |                |
| interface | text             | YES  |     | NULL    |                |
| filter    | text             | YES  |     | NULL    |                |
| detail    | tinyint(4)       | YES  |     | NULL    |                |
| encoding  | tinyint(4)       | YES  |     | NULL    |                |
| last_cid  | int(10) unsigned |      |     | 0       |                |
+-----------+------------------+------+-----+---------+----------------+

A.1.1.14 sig_class
+----------------+------------------+------+-----+---------+----------------+
| Field          | Type             | Null | Key | Default | Extra          |
+----------------+------------------+------+-----+---------+----------------+
| sig_class_id   | int(10) unsigned |      | PRI | NULL    | auto_increment |
| sig_class_name | varchar(60)      |      | MUL |         |                |
+----------------+------------------+------+-----+---------+----------------+

A.1.1.15 sig_reference
+---------+------------------+------+-----+---------+-------+
| Field   | Type             | Null | Key | Default | Extra |
+---------+------------------+------+-----+---------+-------+
| sig_id  | int(10) unsigned |      | PRI | 0       |       |
| ref_seq | int(10) unsigned |      | PRI | 0       |       |
| ref_id  | int(10) unsigned |      |     | 0       |       |
+---------+------------------+------+-----+---------+-------+

A.1.1.16 signature
+--------------+------------------+------+-----+---------+----------------+
| Field        | Type             | Null | Key | Default | Extra          |
+--------------+------------------+------+-----+---------+----------------+
| sig_id       | int(10) unsigned |      | PRI | NULL    | auto_increment |
| sig_name     | varchar(255)     |      | MUL |         |                |
| sig_class_id | int(10) unsigned |      | MUL | 0       |                |
| sig_priority | int(10) unsigned | YES  |     | NULL    |                |
| sig_rev      | int(10) unsigned | YES  |     | NULL    |                |
| sig_sid      | int(10) unsigned | YES  |     | NULL    |                |
+--------------+------------------+------+-----+---------+----------------+

A.1.1.17 tcphdr
+-----------+----------------------+------+-----+---------+-------+
| Field     | Type                 | Null | Key | Default | Extra |
+-----------+----------------------+------+-----+---------+-------+
| sid       | int(10) unsigned     |      | PRI | 0       |       |
| cid       | int(10) unsigned     |      | PRI | 0       |       |
| tcp_sport | smallint(5) unsigned |      | MUL | 0       |       |
| tcp_dport | smallint(5) unsigned |      | MUL | 0       |       |
| tcp_seq   | int(10) unsigned     | YES  |     | NULL    |       |
| tcp_ack   | int(10) unsigned     | YES  |     | NULL    |       |
| tcp_off   | tinyint(3) unsigned  | YES  |     | NULL    |       |
| tcp_res   | tinyint(3) unsigned  | YES  |     | NULL    |       |
| tcp_flags | tinyint(3) unsigned  |      | MUL | 0       |       |
| tcp_win   | smallint(5) unsigned | YES  |     | NULL    |       |
| tcp_csum  | smallint(5) unsigned | YES  |     | NULL    |       |
| tcp_urp   | smallint(5) unsigned | YES  |     | NULL    |       |
+-----------+----------------------+------+-----+---------+-------+

A.1.1.18 udphdr
+-----------+----------------------+------+-----+---------+-------+
| Field     | Type                 | Null | Key | Default | Extra |
+-----------+----------------------+------+-----+---------+-------+
| sid       | int(10) unsigned     |      | PRI | 0       |       |
| cid       | int(10) unsigned     |      | PRI | 0       |       |
| udp_sport | smallint(5) unsigned |      | MUL | 0       |       |
| udp_dport | smallint(5) unsigned |      | MUL | 0       |       |
| udp_len   | smallint(5) unsigned | YES  |     | NULL    |       |
| udp_csum  | smallint(5) unsigned | YES  |     | NULL    |       |
+-----------+----------------------+------+-----+---------+-------+
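The tables above are tied together by two keys: every per-event row (event, iphdr, tcphdr, udphdr, icmphdr, data, opt) is keyed by the sensor id and per-sensor event counter (sid, cid), and event.signature points at signature.sig_id. Addresses in iphdr.ip_src and ip_dst are int(10) unsigned, that is the 32-bit address stored as a plain integer (MySQL's INET_ATON form), so they have to be converted before an analyst can read them. The following is an added example, not code from the book, from Snort or from ACID: it recreates a subset of the schema (sensor, signature, event, iphdr, tcphdr, with the appendix's column names but SQLite types) in memory, loads constructed sample rows, and runs the join that reconstructs an alert list. The function names, the sample values and the letter rendering of tcp_flags are my own.

```python
import sqlite3
import ipaddress

# Added example, not code from the book or from Snort/ACID. Subset of the
# appendix schema with the same column names; MySQL types mapped to SQLite.
SCHEMA = """
CREATE TABLE sensor (
    sid INTEGER PRIMARY KEY, hostname TEXT, interface TEXT, filter TEXT,
    detail INTEGER, encoding INTEGER, last_cid INTEGER NOT NULL DEFAULT 0);
CREATE TABLE signature (
    sig_id INTEGER PRIMARY KEY, sig_name TEXT NOT NULL,
    sig_class_id INTEGER NOT NULL DEFAULT 0, sig_priority INTEGER,
    sig_rev INTEGER, sig_sid INTEGER);
CREATE TABLE event (
    sid INTEGER NOT NULL, cid INTEGER NOT NULL, signature INTEGER NOT NULL,
    timestamp TEXT NOT NULL, PRIMARY KEY (sid, cid));
CREATE TABLE iphdr (
    sid INTEGER NOT NULL, cid INTEGER NOT NULL, ip_src INTEGER NOT NULL,
    ip_dst INTEGER NOT NULL, ip_ttl INTEGER,
    ip_proto INTEGER NOT NULL DEFAULT 0, PRIMARY KEY (sid, cid));
CREATE TABLE tcphdr (
    sid INTEGER NOT NULL, cid INTEGER NOT NULL, tcp_sport INTEGER NOT NULL,
    tcp_dport INTEGER NOT NULL, tcp_flags INTEGER NOT NULL DEFAULT 0,
    PRIMARY KEY (sid, cid));
"""


# ip_src/ip_dst are int(10) unsigned: the address as a 32-bit integer,
# the same value MySQL's INET_ATON() produces and INET_NTOA() decodes.
def ip_to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def int_to_ip(n: int) -> str:
    return str(ipaddress.IPv4Address(n))


# Bit layout of the TCP flags byte; the letters are my own rendering.
TCP_FLAG_BITS = [(0x01, "F"), (0x02, "S"), (0x04, "R"),
                 (0x08, "P"), (0x10, "A"), (0x20, "U")]


def tcp_flags_str(flags: int) -> str:
    return "".join(letter for bit, letter in TCP_FLAG_BITS if flags & bit)


def load_sample_db() -> sqlite3.Connection:
    """Build the in-memory database and load constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    # One sensor; last_cid is the highest cid it has written so far.
    conn.execute("INSERT INTO sensor VALUES (1, 'ids-dmz', 'eth1', NULL, 1, 1, 2)")
    # Hypothetical signature row (name and ids are constructed).
    conn.execute("INSERT INTO signature VALUES "
                 "(1, 'EXAMPLE web request', 3, 2, 5, 1000001)")
    conn.executemany("INSERT INTO event VALUES (?, ?, ?, ?)", [
        (1, 1, 1, "2006-03-01 10:15:00"),
        (1, 2, 1, "2006-03-01 10:15:07"),
    ])
    conn.executemany("INSERT INTO iphdr VALUES (?, ?, ?, ?, ?, ?)", [
        (1, 1, ip_to_int("10.0.0.5"), ip_to_int("192.168.1.10"), 64, 6),   # TCP
        (1, 2, ip_to_int("10.0.0.5"), ip_to_int("192.168.1.10"), 64, 17),  # UDP
    ])
    # Only the TCP event gets a tcphdr row (the UDP one would go to udphdr),
    # which is why the query below uses a LEFT JOIN for tcphdr.
    conn.execute("INSERT INTO tcphdr VALUES (1, 1, 40123, 80, 24)")  # PSH|ACK
    conn.commit()
    return conn


ALERT_QUERY = """
SELECT e.sid, e.cid, e.timestamp, s.hostname, g.sig_name, g.sig_priority,
       i.ip_src, i.ip_dst, i.ip_proto, t.tcp_sport, t.tcp_dport, t.tcp_flags
FROM event e
JOIN sensor    s ON s.sid = e.sid
JOIN signature g ON g.sig_id = e.signature
JOIN iphdr     i ON i.sid = e.sid AND i.cid = e.cid
LEFT JOIN tcphdr t ON t.sid = e.sid AND t.cid = e.cid
ORDER BY e.sid, e.cid
"""


def list_alerts(conn: sqlite3.Connection) -> list:
    """Join event -> sensor/signature/iphdr/tcphdr and decode the raw fields."""
    alerts = []
    for (sid, cid, ts, host, name, prio, src, dst, proto,
         sport, dport, flags) in conn.execute(ALERT_QUERY):
        alerts.append({
            "sid": sid, "cid": cid, "timestamp": ts, "sensor": host,
            "sig_name": name, "priority": prio,
            "ip_src": int_to_ip(src), "ip_dst": int_to_ip(dst),
            "ip_proto": proto, "tcp_sport": sport, "tcp_dport": dport,
            "tcp_flags": tcp_flags_str(flags) if flags is not None else None,
        })
    return alerts


if __name__ == "__main__":
    for alert in list_alerts(load_sample_db()):
        print(alert)
```

Against a real MySQL Snort database the same join works unchanged apart from the address decoding, where INET_NTOA(i.ip_src) in the SELECT list replaces the Python conversion. The LEFT JOIN matters: an INNER JOIN on tcphdr would silently drop every UDP and ICMP event from a report.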



Managing Security With Snort and IDS Tools
ISBN: 0596006616
Year: 2006
Pages: 136