Re: [Secureideas-base-devel] Db Architecture
From: Michael S. <ms...@ma...> - 2006-08-23 09:02:53
On Tue, Aug 22, 2006 at 11:22:53PM -0400, Axton Grams wrote:
> * use db triggers to capture aggregate data for large datasets
> * capture event count per
> * sig_class
> * signature
> * sensor
> * tcp/udp/icmp packets

I wouldn't do this. For large datasets these numbers are truly useless. For small datasets they're quick to generate. There's no point in bogging things down by forcing everybody to generate them at the schema level.

> eid INT UNSIGNED NOT NULL AUTO_INCREMENT,
> did INT UNSIGNED NOT NULL AUTO_INCREMENT,
> iphdrid INT UNSIGNED NOT NULL AUTO_INCREMENT,
> tcphdrid INT UNSIGNED NOT NULL AUTO_INCREMENT,
> udphdrid INT UNSIGNED NOT NULL AUTO_INCREMENT,
> icmphdrid INT UNSIGNED NOT NULL AUTO_INCREMENT,
> optid INT UNSIGNED NOT NULL AUTO_INCREMENT,
> ref_id INT UNSIGNED NOT NULL AUTO_INCREMENT,
> sref_id INT UNSIGNED NOT NULL AUTO_INCREMENT,

I'd suggest not having a separate id for each table--there's no need. Just have one id per event that's a key into each.

Mike Stone