Re: Questions about database (PostgreSQL)

[Hugh Fraser <hugh_fraser () dofasco ca>]

Have a look at the ACID project home page
(http://www.andrew.cmu.edu/~rdanyliw/snort/snortacid.html). They have an
Entity-Relationship diagram describing the Snort tables, including the Snort
DB extra tables along with (of course) the tables ACID uses.

Jed Pickel wrote:

> Hey Deven,
>
> If you are using version 1.8 -- a reference to the signature is stored
> in event.signature. That reference maps to signature.sig_id. The bulk
> of the rest of the tables are tied together with the primary key of
> signature id "sid" and count id "cid". Let me know if you have any
> other questions.
>
> I'll put together a diagram this next weekend and put it up on
> www.incident.org/snortdb to make some of the more subtle relations
> more obvious.
>
> Regards,
>
> * Jed
>
> On Wed, Jul 25, 2001 at 04:12:19PM -1000, Deven Phillips wrote:
> > Hi,
> >
> >       I am wondering what the table relationships are inthe Postgres database
> > portion of Snort. I am trying to tie it all together into a PHP/Web
> > front end, and I can't seem to relate a specific event to a specific
> > signature. It all seems to come out a little off. Can anyone help me???
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users