# Copyright (C) 2009 Trend Micro Inc.
# All rights reserved.
#
# This program is a free software; you can redistribute it
# and/or modify it under the terms of the GNU General Public
# License (version 2) as published by the FSF - Free Software
# Foundation.
# Lookup table of category names; each name may be stored only once.
CREATE TABLE IF NOT EXISTS category (
    cat_id   INT UNSIGNED NOT NULL AUTO_INCREMENT,  # surrogate key
    cat_name VARCHAR(32)  NOT NULL UNIQUE,          # UNIQUE rejects duplicate names
    PRIMARY KEY (cat_id)
);
# One row per rule: its numeric rule_id, an optional level and a description.
# NOTE(review): rule_id is declared UNIQUE and is also given a separate
# INDEX below. The UNIQUE constraint already creates an index, so the second
# one looks redundant. Confirm nothing refers to it by name before dropping it.
CREATE TABLE IF NOT EXISTS signature (
    id          INT UNSIGNED       NOT NULL AUTO_INCREMENT,  # surrogate key
    rule_id     MEDIUMINT UNSIGNED NOT NULL UNIQUE,
    level       TINYINT UNSIGNED,                            # nullable: a rule may have no level
    description VARCHAR(255)       NOT NULL,
    PRIMARY KEY (id),
    INDEX (level),
    INDEX (rule_id)
);
# Many-to-many link between rule ids and category ids.
# NOTE(review): the primary key includes the AUTO_INCREMENT id, so the same
# (rule_id, cat_id) pair can be inserted more than once. Confirm whether a
# UNIQUE (rule_id, cat_id) constraint is wanted.
# NOTE(review): cat_id is SMALLINT UNSIGNED here but INT UNSIGNED in the
# category table, and no FOREIGN KEY is declared, so the database does not
# enforce that a mapping row points at an existing rule or category.
CREATE TABLE IF NOT EXISTS signature_category_mapping (
    id      INT UNSIGNED       NOT NULL AUTO_INCREMENT,
    rule_id MEDIUMINT UNSIGNED NOT NULL,
    cat_id  SMALLINT UNSIGNED  NOT NULL,
    PRIMARY KEY (id, rule_id, cat_id)
);
# One row per reporting server, identified by a unique hostname.
CREATE TABLE IF NOT EXISTS server (
    id           SMALLINT UNSIGNED NOT NULL AUTO_INCREMENT,
    last_contact INT UNSIGNED      NOT NULL,         # presumably Unix epoch seconds; confirm against the writer
    version      VARCHAR(32)       NOT NULL,
    hostname     VARCHAR(64)       NOT NULL UNIQUE,  # UNIQUE: one row per hostname
    information  TEXT              NOT NULL,
    PRIMARY KEY (id)
);
# One row per agent, keyed by (id, server_id).
# NOTE(review): server_id carries no FOREIGN KEY clause, so its link to
# server.id is by convention only and orphaned agent rows are possible.
CREATE TABLE IF NOT EXISTS agent (
    id           SMALLINT UNSIGNED NOT NULL AUTO_INCREMENT,
    server_id    SMALLINT UNSIGNED NOT NULL,
    last_contact INT UNSIGNED      NOT NULL,  # presumably Unix epoch seconds; confirm against the writer
    ip_address   VARCHAR(46)       NOT NULL,  # wide enough for a textual IPv6 address
    version      VARCHAR(32)       NOT NULL,
    name         VARCHAR(64)       NOT NULL,
    information  VARCHAR(128)      NOT NULL,
    PRIMARY KEY (id, server_id)
);
# Named locations, keyed by (id, server_id); alert.location_id has the same
# column type as id here.
# NOTE(review): no FOREIGN KEY is declared on server_id, so the database
# does not check that the referenced server row exists.
CREATE TABLE IF NOT EXISTS location (
    id        SMALLINT UNSIGNED NOT NULL AUTO_INCREMENT,
    server_id SMALLINT UNSIGNED NOT NULL,
    name      VARCHAR(128)      NOT NULL,
    PRIMARY KEY (id, server_id)
);
# One row per alert: which rule fired, on which server and location, plus
# optional network endpoints and the log text.
# NOTE(review): rule_id, server_id and location_id have no FOREIGN KEY
# clauses, so an alert can reference a rule, server or location row that
# does not exist. Reports that join these tables should allow for that.
# NOTE(review): user, full_log and the address columns presumably hold
# values taken from monitored logs. Treat them as untrusted when rendering
# or re-querying: escape on output and bind as parameters.
CREATE TABLE IF NOT EXISTS alert (
    id          INT UNSIGNED       NOT NULL AUTO_INCREMENT,
    server_id   SMALLINT UNSIGNED  NOT NULL,
    rule_id     MEDIUMINT UNSIGNED NOT NULL,
    level       TINYINT UNSIGNED,                     # nullable
    timestamp   INT UNSIGNED       NOT NULL,          # presumably Unix epoch seconds; confirm against the writer
    location_id SMALLINT UNSIGNED  NOT NULL,
    src_ip      VARCHAR(46),                          # textual address; 46 chars fits IPv6
    dst_ip      VARCHAR(46),
    src_port    SMALLINT UNSIGNED,                    # 0-65535 covers the full port range
    dst_port    SMALLINT UNSIGNED,
    alertid     VARCHAR(30)        DEFAULT NULL,
    user        TEXT               NOT NULL,
    full_log    TEXT               NOT NULL,          # TEXT holds at most 65,535 bytes; longer input is truncated or rejected depending on sql_mode
    is_hidden   TINYINT            NOT NULL DEFAULT '0',
    tld         VARCHAR(5)         NOT NULL DEFAULT '',
    PRIMARY KEY (id, server_id),
    # Secondary indexes on the columns declared below.
    INDEX (alertid),
    INDEX (level),
    INDEX time (timestamp),
    INDEX (rule_id),
    INDEX (src_ip),
    INDEX (tld)
);