Re: [Sguil-devel] Database schema changes
Status: Beta
Brought to you by:
bamm
From: Bamm V. <ba...@sa...> - 2003-05-06 17:22:54
|
Lets leave the portscan stuff as is for now. To change them would require a mode to the spp_portscan code. Bammkkkk On Tue, May 06, 2003 at 12:07:38PM -0500, steve wrote: > I have made the following changes to the DB schema: > > 1) serverity_criticality TINYINT UNSIGNED, > serverity_lethality TINYINT UNSIGNED, > serverity_system_cm TINYINT UNSIGNED, > serverity_network_cm TINYINT UNSIGNED, > src_abuse_record_id BIGINT UNSIGNED, > dst_abuse_record_id BIGINT UNSIGNED, > > All removed with the indexes associated to them. These are used nowhere in > the code. > > mboman: is there code coming soon that will use these? If so, I will not > remove them. We can always add them back later. > > 2) index on src port removed from event table. When have you ever done a > query based on src port. Not often enuf to warrent an index. > > 3) not a big deal, but I also would like to change the src_ip and dest_ip in > portscan and sensor tables to INT UNSIGNED, but don't know offhand what would > have to change in the code to accomdate this. Bamm? > > If this all looks good I will: > > 1) Up the db schema version to 6 > 2) commit a new create_sguildb.sql > 3) write a sql script to update schema 5 to 6 > > -steve |