Appendix A. Snort and ACID Database Schema
The following tables are in a database configured for Snort and ACID:
|
acid_ag |
event |
sensor |
|
acid_ag_alert |
icmphdr |
sig_class |
|
acid_event |
iphdr |
sig_reference |
|
acid_ip_cache |
opt |
signature |
|
data |
reference |
tcphdr |
|
detail |
reference_system |
udphdr |
|
encoding |
schema |
Figure A-1 shows the relationship between the tables.
 |
Figure A-1. The relationship between the tables
A description of each table follows.
acid_ag
+----------+------------------+------+-----+---------+----------------+ | Field | Type | Null | Key | Default | Extra | +----------+------------------+------+-----+---------+----------------+ | ag_id | int(10) unsigned | | PRI | NULL | auto_increment | | ag_name | varchar(40) | YES | | NULL | | | ag_desc | text | YES | | NULL | | | ag_ctime | datetime | YES | | NULL | | | ag_ltime | datetime | YES | | NULL | | +----------+------------------+------+-----+---------+----------------+
acid_ag_alert
+--------+------------------+------+-----+---------+-------+ | Field | Type | Null | Key | Default | Extra | +--------+------------------+------+-----+---------+-------+ | ag_id | int(10) unsigned | | PRI | 0 | | | ag_sid | int(10) unsigned | | PRI | 0 | | | ag_cid | int(10) unsigned | | PRI | 0 | | +--------+------------------+------+-----+---------+-------+
acid_event
+--------------+------------------+------+-----+---------------------+-------+ ...
Get Managing Security with Snort & IDS Tools now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
