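-- Schema for the samhain log sink. MySQL dialect throughout (ENUM, UNSIGNED,
-- AUTO_INCREMENT, inline INDEX definitions, USE).
--
-- String literals are single-quoted so the script also parses under
-- sql_mode=ANSI_QUOTES, where "localhost" / "NEW" / the ENUM members would be
-- read as identifiers and the CREATE TABLE would fail. IF NOT EXISTS makes the
-- script safe to re-run; on a fresh server it behaves exactly as before.
--
-- NOTE(review): this table is an audit trail of integrity-check events. The
-- account the writer connects with only needs INSERT on samhain.log; keep
-- SELECT/UPDATE/DELETE on a separate operator role so a compromised monitored
-- host cannot read or rewrite its own history through the logging credentials.
CREATE DATABASE IF NOT EXISTS samhain;
USE samhain;
CREATE TABLE IF NOT EXISTS samhain.log (
    -- Envelope present on every entry: surrogate key, optional cross-reference,
    -- reporting host, timestamp, severity, raw message and an entry digest.
    log_index BIGINT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
    log_ref BIGINT UNSIGNED NULL,      -- presumably the log_index of a related entry; verify against the writer
    log_host VARCHAR(64) NOT NULL DEFAULT 'localhost',
    INDEX ix_log_host (log_host),
    log_time DATETIME NOT NULL,        -- NOTE(review): DATETIME carries no zone; confirm the writer sends UTC
    log_sev ENUM('DEBG','INFO','NOTE','WARN','MARK','ERRO','CRIT','ALRT','RCVT') NOT NULL,
    log_msg BLOB,
    log_hash VARCHAR(32) NOT NULL,     -- 32-character digest of the entry; indexed below for lookup/dedup
    INDEX ix_hash (log_hash),
    entry_status VARCHAR(16) NOT NULL DEFAULT 'NEW',  -- only 'NEW' is assigned here; other states presumably set by a consumer
    INDEX ix_entry_status (entry_status),
    -- Fields parsed out of the message; all optional.
    -- NOTE(review): the 8/9-character columns (userid, grp, program, owner_*,
    -- group_*) silently truncate longer account names unless sql_mode is
    -- strict, in which case the INSERT is rejected and the event is dropped.
    -- Confirm these widths against what the writer actually produces.
    path BLOB,
    userid VARCHAR(8),
    grp VARCHAR(8),
    program VARCHAR(8),
    subroutine VARCHAR(16),
    status VARCHAR(12),
    hash VARCHAR(50),                  -- 50 chars leaves room for a 48-hex-digit checksum string (e.g. a 192-bit digest)
    path_data BLOB,
    hash_data VARCHAR(50),
    key_uid VARCHAR(64),
    key_uid_data VARCHAR(64),
    key_id VARCHAR(16),
    module VARCHAR(8),
    return_code INTEGER,
    syscall VARCHAR(16),
    ip VARCHAR(46),                    -- wide enough for a textual IPv6 address with scope suffix
    tty VARCHAR(16),
    peer VARCHAR(64),
    fromhost VARCHAR(64),
    obj BLOB,
    interface VARCHAR(64),
    time VARCHAR(64),                  -- free-form text, unlike log_time above
    dir BLOB,
    linked_path BLOB,
    port INTEGER,
    service VARCHAR(64),
    facility VARCHAR(32),
    priority VARCHAR(32),
    syslog_msg BLOB,
    -- *_old / *_new pairs: presumably the before/after values of a file
    -- attribute reported in a change event (textual form first, numeric
    -- i* form further down).
    mode_old VARCHAR(16),
    mode_new VARCHAR(16),
    attr_old VARCHAR(16),
    attr_new VARCHAR(16),
    device_old VARCHAR(16),
    device_new VARCHAR(16),
    owner_old VARCHAR(9),
    owner_new VARCHAR(9),
    group_old VARCHAR(9),
    group_new VARCHAR(9),
    ctime_old DATETIME,
    ctime_new DATETIME,
    atime_old DATETIME,
    atime_new DATETIME,
    mtime_old DATETIME,
    mtime_new DATETIME,
    chksum_old VARCHAR(50),
    chksum_new VARCHAR(50),
    link_old BLOB,
    link_new BLOB,
    size_old BIGINT UNSIGNED,
    size_new BIGINT UNSIGNED,
    hardlinks_old BIGINT UNSIGNED,
    hardlinks_new BIGINT UNSIGNED,
    inode_old BIGINT UNSIGNED,
    inode_new BIGINT UNSIGNED,
    imode_old BIGINT UNSIGNED,
    imode_new BIGINT UNSIGNED,
    iattr_old BIGINT UNSIGNED,
    iattr_new BIGINT UNSIGNED,
    idevice_old BIGINT UNSIGNED,
    idevice_new BIGINT UNSIGNED,
    iowner_old BIGINT UNSIGNED,
    iowner_new BIGINT UNSIGNED,
    igroup_old BIGINT UNSIGNED,
    igroup_new BIGINT UNSIGNED,
    checkflags_old BIGINT UNSIGNED,
    checkflags_new BIGINT UNSIGNED,
    acl_old BLOB,
    acl_new BLOB
);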