Thanks for the info Bradley, I hadn't seen that before.

Matt

On May 3, 1:40 am, Bradley Falzon <[email protected]> wrote:
> select *, inet_ntoa(src_ip) from alert limit 10;
>
> It's an unsigned int type in MySQL (32bit unsigned integer). Basically, the
> decimal version of IP Address. This requires 8 bytes to store each IP
> Address. If you stored this as a varchar, this would require approximately
> 15 bytes. It's just a more efficient way to store IP Addresses, as well as
> search them. Note inet_ntoa is number to address, and inet_aton is address
> to number (at least that is how I remember them)
>
> See: http://dev.mysql.com/doc/refman/5.0/en/miscellaneous-functions.html#f...
> its counterpart inet_ntoa.
>
> On Mon, May 2, 2011 at 6:27 PM, Matt <[email protected]> wrote:
> > Hi,
> >
> > Just started using ossec and it's great for my needs, monitoring
> > OpenVZ containers.
> >
> > I've set up alerting to a MySQL database and that's working OK. In the
> > 'alert' table though there is a field called src_ip and I'm not sure
> > what number is being logged here? It's not an IP address and I can't
> > see that it's a lookup reference to another table.
> >
> > select * from alert limit 10;
> > +----+-----------+---------+------------+-------------+------------+--------+----------+----------+
> > | id | server_id | rule_id | timestamp  | location_id | src_ip     | dst_ip | src_port | dst_port |
> > +----+-----------+---------+------------+-------------+------------+--------+----------+----------+
> > |  3 |         1 |    5706 | 1304272050 |           3 | 1159222217 | NULL   | NULL     | NULL     |
> > |  4 |         1 |   31101 | 1304272174 |           4 | 1372152755 | NULL   | NULL     | NULL     |
> >
> > Am I missing something obvious?
> >
> > Thanks, Matt
>
> --
> Bradley Falzon
> [email protected]
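
Building on the query in the quoted reply, an added example (not part of the original thread, and not OSSEC's own code) showing three triage queries over the integer src_ip column. Table and column names come from the output quoted above; that timestamp holds Unix epoch seconds is an assumption, and 192.0.2.0/24 is a constructed sample range.

```sql
-- Added example. Table and column names (alert, id, rule_id, timestamp,
-- src_ip) are taken from the output quoted in the thread.

-- 1. Recent alerts with the source address decoded for reading.
--    Assumption: timestamp holds Unix epoch seconds.
SELECT id,
       rule_id,
       FROM_UNIXTIME(`timestamp`) AS seen_at,
       INET_NTOA(src_ip)          AS src_addr
FROM alert
WHERE src_ip IS NOT NULL
ORDER BY `timestamp` DESC
LIMIT 10;

-- 2. Sources that triggered the most alerts. Group on the integer column
--    and decode only in the select list.
SELECT INET_NTOA(src_ip)       AS src_addr,
       COUNT(*)                AS alerts,
       COUNT(DISTINCT rule_id) AS distinct_rules
FROM alert
WHERE src_ip IS NOT NULL
GROUP BY src_ip
ORDER BY alerts DESC
LIMIT 20;

-- 3. All alerts from one subnet. Convert the bounds once with INET_ATON and
--    compare integers, so an index on src_ip (if one exists) can be used.
--    192.0.2.0/24 is a constructed sample range (documentation prefix).
SELECT id,
       rule_id,
       INET_NTOA(src_ip) AS src_addr
FROM alert
WHERE src_ip BETWEEN INET_ATON('192.0.2.0') AND INET_ATON('192.0.2.255')
ORDER BY src_ip;
```

Wrapping the column itself, as in `WHERE INET_NTOA(src_ip) LIKE '192.0.2.%'`, forces the conversion on every row and gives up the integer comparison that query 3 relies on.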
