create_mysql

该软件是一个有名的基于网络的入侵检测系统

# Copyright (C) 2000 Carnegie Mellon University
#
# Author(s): Jed Pickel <jed@pickel.net>, Todd Schrubb <tls@cert.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

CREATE TABLE event  ( sid 	  INT 	   UNSIGNED NOT NULL,
                      cid 	  INT 	   UNSIGNED NOT NULL,
                      signature   VARCHAR  (255)    NOT NULL,
                      timestamp 	   DATETIME NOT NULL,
                      PRIMARY KEY (sid,cid),
                      INDEX       sig (signature(10)),
                      INDEX       time (timestamp));

CREATE TABLE sensor ( sid	  INT 	   UNSIGNED NOT NULL AUTO_INCREMENT,
                      hostname    TEXT,
                      interface   TEXT,
                      filter	  TEXT,
                      PRIMARY KEY (sid));

CREATE TABLE iphdr  ( sid 	  INT 	   UNSIGNED NOT NULL,
                      cid 	  INT 	   UNSIGNED NOT NULL,
                      ip_proto 	  TINYINT  UNSIGNED,
                      ip_src0  	  TINYINT  UNSIGNED NOT NULL,
                      ip_src1  	  TINYINT  UNSIGNED NOT NULL,
                      ip_src2  	  TINYINT  UNSIGNED NOT NULL,
                      ip_src3  	  TINYINT  UNSIGNED NOT NULL,
                      ip_dst0  	  TINYINT  UNSIGNED NOT NULL,
                      ip_dst1  	  TINYINT  UNSIGNED NOT NULL,
                      ip_dst2  	  TINYINT  UNSIGNED NOT NULL,
                      ip_dst3  	  TINYINT  UNSIGNED NOT NULL,
                      ip_tos  	  TINYINT  UNSIGNED,
                      ip_ttl   	  TINYINT  UNSIGNED,
                      ip_id    	  SMALLINT UNSIGNED,
                      ip_off      SMALLINT UNSIGNED,
                      ip_len 	  SMALLINT UNSIGNED,
                      PRIMARY KEY (sid,cid),
                      INDEX   sip (ip_src0,ip_src1,ip_src2,ip_src3),
                      INDEX   dip (ip_dst0,ip_dst1,ip_dst2,ip_dst3));

CREATE TABLE tcphdr(  sid 	  INT 	   UNSIGNED NOT NULL,
                      cid 	  INT 	   UNSIGNED NOT NULL,
                      th_sport 	  SMALLINT UNSIGNED NOT NULL,
                      th_dport 	  SMALLINT UNSIGNED NOT NULL,
                      th_flags 	  SMALLINT UNSIGNED NOT NULL,
                      th_win   	  SMALLINT UNSIGNED,
                      th_urp      SMALLINT UNSIGNED,
                      PRIMARY KEY (sid,cid),
                      INDEX       sport (th_sport),
                      INDEX       dport (th_dport),
                      INDEX       flags (th_flags));

CREATE TABLE udphdr(  sid 	  INT 	   UNSIGNED NOT NULL,
                      cid 	  INT 	   UNSIGNED NOT NULL,
                      uh_sport 	  SMALLINT UNSIGNED NOT NULL,
                      uh_dport 	  SMALLINT UNSIGNED NOT NULL,
                      uh_len   	  SMALLINT UNSIGNED,
                      PRIMARY KEY (sid,cid),
                      INDEX       sport (uh_sport),
                      INDEX       dport (uh_dport));

CREATE TABLE icmphdr( sid 	  INT 	   UNSIGNED NOT NULL,
                      cid 	  INT  	   UNSIGNED NOT NULL,
                      type 	  TINYINT  UNSIGNED NOT NULL,
                      code 	  TINYINT  UNSIGNED NOT NULL,
                      PRIMARY KEY (sid,cid),
                      INDEX       type (type));