Re: [Secureideas-base-devel] DB Schema Committed
From: Kevin J. <kjo...@se...> - 2006-11-30 03:51:38
On Nov 29, 2006, at 10:36 PM, Axton wrote:

> The db schema I started drafting back in August has been committed.

Cool! Thanks for doing this.

> There is still some work left to do, mainly in these areas:
>
> - base specific tables (e.g., users, roles). We should think about
>   the use cases for the application and devise a data model that is
>   capable of tailoring the app towards those audiences. User/role is
>   common, but it can be fancier; for example, packets could be
>   offloaded to different queues (roles). It all depends on the
>   audience.

I agree and would like to see work in this direction, but I think it is secondary to the main snort tables.

> - decode information - snort's decode.h covers many types of header
>   information that is not currently logged today (wifi, ). We should
>   decide whether (1) this is something snort should handle, (2) this
>   is something base is capable of doing with the raw packet dumps.
>   Security should be considered on this one, because sql or code
>   injection is possible in both scenarios.

Not sure, I will think about it but please everyone, comment!

> - indexing - a log plugin will need to be written before we can
>   properly create/optimize the indexes.

I will start updating the output plugin tomorrow. I will get this to the group within the next day or two.

>
> Axton Grams

Again, thanks!

Kevin

Kevin Johnson GCIA, GCIH, CISSP, CEH
Principal Consultant
Secure Ideas