mysql database changes
CS Lee
geek00l at gmail.com
Mon Jun 25 00:27:41 EDT 2012
Hi Carter,

While the changes work correctly for tcp and udp, it seems the hex value
doesn't get converted to decimal for icmp in sport and dport.

Default
mysql> SELECT stime, saddr, sport, daddr, dport, spkts, dpkts, proto, state FROM tbl_argus;
+-------------------+-------------+--------+----------------+--------+-------+-------+-------+-------+
| stime             | saddr       | sport  | daddr          | dport  | spkts | dpkts | proto | state |
+-------------------+-------------+--------+----------------+--------+-------+-------+-------+-------+
| 1340623505.000000 | 192.168.1.3 | 0x0008 | 209.85.175.139 | 0x1723 |     8 |     1 | icmp  | ECO   |
+-------------------+-------------+--------+----------------+--------+-------+-------+-------+-------+

After dropping the table and applying the patch:
mysql> SELECT stime, saddr, sport, daddr, dport, spkts, dpkts, proto, state FROM tbl_argus;
+-------------------+------------+-------+------------+-------+-------+-------+-------+-------+
| stime             | saddr      | sport | daddr      | dport | spkts | dpkts | proto | state |
+-------------------+------------+-------+------------+-------+-------+-------+-------+-------+
| 1340623505.000000 | 3232235779 |     0 | 3512053643 |     0 |     8 |     1 | icmp  | ECO   |
+-------------------+------------+-------+------------+-------+-------+-------+-------+-------+
1 row in set (0.00 sec)

If hex conversion is right, then 0x0008 will be 8 and 0x1723 will be 5923
in decimal. Here's my testing table -
mysql> desc tbl_argus;
+-----------+-----------------------+------+-----+---------+----------------+
| Field     | Type                  | Null | Key | Default | Extra          |
+-----------+-----------------------+------+-----+---------+----------------+
| autoid    | int(11)               | NO   | PRI | NULL    | auto_increment |
| stime     | double(18,6) unsigned | NO   |     | NULL    |                |
| ltime     | double(18,6) unsigned | NO   |     | NULL    |                |
| dur       | double(18,6)          | NO   |     | NULL    |                |
| srcid     | varchar(64)           | YES  |     | NULL    |                |
| flgs      | varchar(32)           | YES  |     | NULL    |                |
| proto     | varchar(16)           | NO   |     | NULL    |                |
| saddr     | varchar(64)           | NO   |     | NULL    |                |
| sport     | smallint(5) unsigned  | YES  |     | NULL    |                |
| dir       | varchar(3)            | YES  |     | NULL    |                |
| daddr     | varchar(64)           | NO   |     | NULL    |                |
| dport     | smallint(5) unsigned  | YES  |     | NULL    |                |
| pkts      | bigint(20)            | YES  |     | NULL    |                |
| bytes     | bigint(20)            | YES  |     | NULL    |                |
| appbytes  | bigint(20)            | YES  |     | NULL    |                |
| state     | varchar(32)           | YES  |     | NULL    |                |
| spkts     | bigint(20)            | YES  |     | NULL    |                |
| dpkts     | bigint(20)            | YES  |     | NULL    |                |
| sbytes    | bigint(20)            | YES  |     | NULL    |                |
| dbytes    | bigint(20)            | YES  |     | NULL    |                |
| sappbytes | bigint(20)            | YES  |     | NULL    |                |
| dappbytes | bigint(20)            | YES  |     | NULL    |                |
| smaxsz    | smallint(5) unsigned  | YES  |     | NULL    |                |
| dmaxsz    | smallint(5) unsigned  | YES  |     | NULL    |                |
| sminsz    | smallint(5) unsigned  | YES  |     | NULL    |                |
| dminsz    | smallint(5) unsigned  | YES  |     | NULL    |                |
| smac      | varchar(24)           | YES  |     | NULL    |                |
| dmac      | varchar(24)           | YES  |     | NULL    |                |
| sco       | varchar(2)            | YES  |     | NULL    |                |
| dco       | varchar(2)            | YES  |     | NULL    |                |
| sas       | int(10) unsigned      | YES  |     | NULL    |                |
| das       | int(10) unsigned      | YES  |     | NULL    |                |
| record    | blob                  | YES  |     | NULL    |                |
+-----------+-----------------------+------+-----+---------+----------------+
33 rows in set (0.01 sec)

--
Best Regards,
CS Lee<geek00L[at]gmail.com>
http://geek00l.blogspot.com
http://defcraft.net
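
An added example, not part of the original message and not Argus code: the conversion the message expects, applied to the printed field values before they go into the integer sport/dport columns shown in the table description. The function names port_to_int, addr_to_int and normalize are hypothetical, and the sample row is constructed from the "Default" output above.

```python
import ipaddress

PORT_MAX = 0xFFFF  # sport/dport are smallint(5) unsigned in tbl_argus


def port_to_int(text):
    """Parse a printed port field: decimal ("443") or 0x-hex ("0x0008").

    Returns None for an empty field so the column can stay NULL.
    """
    text = text.strip()
    if not text:
        return None
    base = 16 if text.lower().startswith("0x") else 10
    value = int(text, base)  # ValueError on anything that is not a number
    if not 0 <= value <= PORT_MAX:
        raise ValueError(f"port field out of range: {text!r}")
    return value


def addr_to_int(text):
    """Dotted-quad IPv4 address to its unsigned 32-bit value."""
    return int(ipaddress.IPv4Address(text.strip()))


def normalize(row):
    """Return a copy of row with addresses and ports as integers."""
    out = dict(row)
    for key in ("saddr", "daddr"):
        out[key] = addr_to_int(row[key])
    for key in ("sport", "dport"):
        out[key] = port_to_int(row[key])
    return out


# Constructed sample: the icmp row from the "Default" output in the message.
SAMPLE = {
    "stime": "1340623505.000000", "saddr": "192.168.1.3", "sport": "0x0008",
    "daddr": "209.85.175.139", "dport": "0x1723", "proto": "icmp", "state": "ECO",
}

if __name__ == "__main__":
    print(normalize(SAMPLE))
```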