select *, inet_ntoa(src_ip) from alert limit 10;

It's an unsigned int type in MySQL (32-bit unsigned integer). Basically, the decimal version of the IP address. This requires 8 bytes to store each IP address. If you stored this as a varchar, this would require approximately 15 bytes. It's just a more efficient way to store IP addresses, as well as search them.

Note inet_ntoa is number to address, and inet_aton is address to number (at least that is how I remember them).

See: http://dev.mysql.com/doc/refman/5.0/en/miscellaneous-functions.html#function_inet-aton and its counterpart inet_ntoa.

On Mon, May 2, 2011 at 6:27 PM, Matt <[email protected]> wrote:
> Hi,
>
> Just started using ossec and it's great for my needs, monitoring
> OpenVZ containers.
>
> I've set up alerting to a MySQL database and that's working OK. In the
> 'alert' table though there is a field called src_ip and I'm not sure
> what number is being logged here? It's not an IP address and I can't
> see that it's a lookup reference to another table.
>
> select * from alert limit 10;
> +----+-----------+---------+------------+-------------+------------+--------+----------+----------+
> | id | server_id | rule_id | timestamp  | location_id | src_ip     | dst_ip | src_port | dst_port |
> +----+-----------+---------+------------+-------------+------------+--------+----------+----------+
> |  3 |         1 |    5706 | 1304272050 |           3 | 1159222217 | NULL   | NULL     | NULL     |
> |  4 |         1 |   31101 | 1304272174 |           4 | 1372152755 | NULL   | NULL     | NULL     |
>
> Am I missing something obvious?
>
> Thanks, Matt
>

--
Bradley Falzon
[email protected]
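The conversion described in this reply, as an added example that is not part of the original thread: it decodes the two src_ip values from the quoted table and turns a CIDR block into the integer bounds for a BETWEEN search on the column. The function names, the third sample row and the query text are assumptions made for illustration.

```python
import ipaddress

# (id, rule_id, timestamp, src_ip): the first two rows are the values quoted
# in the thread; the third is a constructed row with a NULL src_ip.
ROWS = [
    (3, 5706, 1304272050, 1159222217),
    (4, 31101, 1304272174, 1372152755),
    (5, 5706, 1304272300, None),
]

def ntoa(value):
    """Number to address, like MySQL INET_NTOA(); NULL stays NULL."""
    if value is None:
        return None
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"not a 32-bit unsigned value: {value}")
    return str(ipaddress.IPv4Address(value))

def aton(text):
    """Address to number, like MySQL INET_ATON() for a full dotted quad."""
    return int(ipaddress.IPv4Address(text))

def cidr_bounds(cidr):
    """Lowest and highest integer covered by an IPv4 CIDR block."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4:
        raise ValueError("src_ip holds IPv4 addresses only")
    return int(net.network_address), int(net.broadcast_address)

def alerts_in(rows, cidr):
    """Alerts whose src_ip falls inside the block, with the address decoded."""
    low, high = cidr_bounds(cidr)
    return [(r[0], r[1], ntoa(r[3])) for r in rows
            if r[3] is not None and low <= r[3] <= high]

def range_query(cidr):
    """Parameterized query for the same search done by the database.
    The %s placeholder style is an assumption about the client driver."""
    sql = ("SELECT id, rule_id, INET_NTOA(src_ip) FROM alert "
           "WHERE src_ip BETWEEN %s AND %s")
    return sql, cidr_bounds(cidr)

if __name__ == "__main__":
    for row in ROWS:
        print(row[0], row[1], ntoa(row[3]))
    print(alerts_in(ROWS, "69.24.0.0/16"))
    print(range_query("69.24.0.0/16"))
```

Comparing integers this way lets an index on src_ip serve the range search, which a string column of dotted quads cannot do for a CIDR block.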
