-- phpMyAdmin SQL Dump
-- version 3.2.4
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: Feb 17, 2011 at 11:00
-- Server Version: 5.1.41
-- PHP-Version: 5.3.1

-- Import an explicit 0 in an AUTO_INCREMENT column as the value 0 instead of
-- letting the server allocate the next id, so restored ids match the dump.
SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";


-- Version-conditional statements (run by MySQL 4.1.1 and later, plain comments
-- elsewhere): remember the session character-set settings so the end of the
-- dump can restore them, then read the rest of this file as utf8.
-- Every table below is declared latin1, so the server converts on insert.
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;

--
-- Database: `snort`
--

-- --------------------------------------------------------

--
-- Table structure for table `acid_ag`
--
-- Presumably the alert-group definitions of the ACID/BASE console: a name, a
-- free-text description and two datetime columns (`ag_ctime` / `ag_ltime`,
-- likely created / last-modified; confirm against the application).
-- NOTE(review): KEY `ag_id` indexes the same single column as the primary key
-- and is redundant; it adds write cost without helping any lookup.
--

CREATE TABLE IF NOT EXISTS `acid_ag` (
  `ag_id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `ag_name` varchar(40) DEFAULT NULL,
  `ag_desc` text,
  `ag_ctime` datetime DEFAULT NULL,
  `ag_ltime` datetime DEFAULT NULL,
  PRIMARY KEY (`ag_id`),
  KEY `ag_id` (`ag_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

--
-- Data for table `acid_ag` (the dump contains no rows)
--


-- --------------------------------------------------------

--
-- Table structure for table `acid_ag_alert`
--
-- Link table: one row per (`ag_id`, `ag_sid`, `ag_cid`) triple, presumably
-- "alert (sid, cid) belongs to alert group ag_id".
-- MyISAM does not enforce foreign keys, so nothing in the schema stops a row
-- from pointing at a group or alert that no longer exists.
-- NOTE(review): KEY `ag_id` is a left prefix of the primary key and therefore
-- redundant.
--

CREATE TABLE IF NOT EXISTS `acid_ag_alert` (
  `ag_id` int(10) unsigned NOT NULL,
  `ag_sid` int(10) unsigned NOT NULL,
  `ag_cid` int(10) unsigned NOT NULL,
  PRIMARY KEY (`ag_id`,`ag_sid`,`ag_cid`),
  KEY `ag_id` (`ag_id`),
  KEY `ag_sid` (`ag_sid`,`ag_cid`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

--
-- Data for table `acid_ag_alert` (the dump contains no rows)
--


-- --------------------------------------------------------

--
-- Table structure for table `acid_event`
--
-- Denormalised alert row keyed by (`sid`, `cid`): it repeats the signature
-- name, class and priority plus addresses, protocol and ports next to the
-- event key. Presumably the console's query cache built from `event`,
-- `signature`, `iphdr` and the layer-4 header tables; confirm in the
-- application before treating it as the authoritative record.
--
-- Notes for analysts reading this table:
--   * `ip_src` / `ip_dst` are unsigned 32-bit integers, so only IPv4 fits;
--     INET_NTOA() renders them as dotted quads.
--   * `timestamp` is a DATETIME and carries no time zone; correlate it with
--     the sensor's clock and zone before building a timeline.
--   * `layer4_sport` / `layer4_dport` are nullable because not every protocol
--     has ports.
--   * Ten single-column secondary indexes are maintained on every insert.
--

CREATE TABLE IF NOT EXISTS `acid_event` (
  `sid` int(10) unsigned NOT NULL,
  `cid` int(10) unsigned NOT NULL,
  `signature` int(10) unsigned NOT NULL,
  `sig_name` varchar(255) DEFAULT NULL,
  `sig_class_id` int(10) unsigned DEFAULT NULL,
  `sig_priority` int(10) unsigned DEFAULT NULL,
  `timestamp` datetime NOT NULL,
  `ip_src` int(10) unsigned DEFAULT NULL,
  `ip_dst` int(10) unsigned DEFAULT NULL,
  `ip_proto` int(11) DEFAULT NULL,
  `layer4_sport` int(10) unsigned DEFAULT NULL,
  `layer4_dport` int(10) unsigned DEFAULT NULL,
  PRIMARY KEY (`sid`,`cid`),
  KEY `signature` (`signature`),
  KEY `sig_name` (`sig_name`),
  KEY `sig_class_id` (`sig_class_id`),
  KEY `sig_priority` (`sig_priority`),
  KEY `timestamp` (`timestamp`),
  KEY `ip_src` (`ip_src`),
  KEY `ip_dst` (`ip_dst`),
  KEY `ip_proto` (`ip_proto`),
  KEY `layer4_sport` (`layer4_sport`),
  KEY `layer4_dport` (`layer4_dport`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

--
-- Data for table `acid_event`
--
-- Twelve alerts from sensor `sid` 2, all with `ip_proto` 1 (ICMP) and no
-- ports, recorded between 2011-01-20 16:55:28 and 16:55:31: echo requests
-- from one address and the echo replies coming back from the other.
-- NOTE(review): these rows are not consistent with the rest of the dump.
-- They use `signature` ids 10-12, while the `signature` table lists the same
-- three names under `sig_id` 31-33; the `event` table has no rows at all; and
-- `sensor`.`last_cid` is 458. The alert data looks purged or partially
-- exported, so do not rely on joins from here to the other tables.
--

INSERT INTO `acid_event` (`sid`, `cid`, `signature`, `sig_name`, `sig_class_id`, `sig_priority`, `timestamp`, `ip_src`, `ip_dst`, `ip_proto`, `layer4_sport`, `layer4_dport`) VALUES
(2, 12, 12, 'ICMP Echo Reply', 4, 3, '2011-01-20 16:55:31', 3512043411, 168492413, 1, NULL, NULL),
(2, 11, 11, 'ICMP PING Windows', 4, 3, '2011-01-20 16:55:31', 168492413, 3512043411, 1, NULL, NULL),
(2, 10, 10, 'ICMP PING', 4, 3, '2011-01-20 16:55:31', 168492413, 3512043411, 1, NULL, NULL),
(2, 9, 12, 'ICMP Echo Reply', 4, 3, '2011-01-20 16:55:30', 3512043411, 168492413, 1, NULL, NULL),
(2, 8, 11, 'ICMP PING Windows', 4, 3, '2011-01-20 16:55:30', 168492413, 3512043411, 1, NULL, NULL),
(2, 7, 10, 'ICMP PING', 4, 3, '2011-01-20 16:55:30', 168492413, 3512043411, 1, NULL, NULL),
(2, 6, 12, 'ICMP Echo Reply', 4, 3, '2011-01-20 16:55:29', 3512043411, 168492413, 1, NULL, NULL),
(2, 5, 11, 'ICMP PING Windows', 4, 3, '2011-01-20 16:55:29', 168492413, 3512043411, 1, NULL, NULL),
(2, 4, 10, 'ICMP PING', 4, 3, '2011-01-20 16:55:29', 168492413, 3512043411, 1, NULL, NULL),
(2, 1, 10, 'ICMP PING', 4, 3, '2011-01-20 16:55:28', 168492413, 3512043411, 1, NULL, NULL),
(2, 2, 11, 'ICMP PING Windows', 4, 3, '2011-01-20 16:55:28', 168492413, 3512043411, 1, NULL, NULL),
(2, 3, 12, 'ICMP Echo Reply', 4, 3, '2011-01-20 16:55:28', 3512043411, 168492413, 1, NULL, NULL);

-- --------------------------------------------------------

--
-- Table structure for table `acid_ip_cache`
--
-- Per-address cache keyed by the IPv4 address as an unsigned integer:
-- a host name with the time it was resolved, and a whois text with the time
-- it was fetched.
-- NOTE(review): host names and whois text presumably come from external
-- lookups, i.e. from parties the operator does not control; whatever renders
-- these columns should escape them like any other untrusted input.
-- NOTE(review): `ipc_fqdn` holds 50 characters, while a fully qualified name
-- can be considerably longer; confirm how the application handles overflow.
-- NOTE(review): KEY `ipc_ip` duplicates the primary key and is redundant.
--

CREATE TABLE IF NOT EXISTS `acid_ip_cache` (
  `ipc_ip` int(10) unsigned NOT NULL,
  `ipc_fqdn` varchar(50) DEFAULT NULL,
  `ipc_dns_timestamp` datetime DEFAULT NULL,
  `ipc_whois` text,
  `ipc_whois_timestamp` datetime DEFAULT NULL,
  PRIMARY KEY (`ipc_ip`),
  KEY `ipc_ip` (`ipc_ip`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

--
-- Data for table `acid_ip_cache` (the dump contains no rows)
--


-- --------------------------------------------------------

--
-- Table structure for table `base_roles`
--
-- Role catalogue: numeric id, short name and description, all mandatory.
-- `base_users`.`role_id` presumably refers to `role_id` here; MyISAM does not
-- enforce that link, so a user row can carry a role id that is not defined.
--

CREATE TABLE IF NOT EXISTS `base_roles` (
  `role_id` int(11) NOT NULL,
  `role_name` varchar(20) NOT NULL,
  `role_desc` varchar(75) NOT NULL,
  PRIMARY KEY (`role_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

--
-- Data for table `base_roles` (the dump contains no rows)
--


-- --------------------------------------------------------

--
-- Table structure for table `base_users`
--
-- Console accounts: login, stored password value, display name, role and an
-- enabled flag.
-- NOTE(review): `usr_pwd` is 32 characters wide, which is exactly the length
-- of a hex-encoded MD5 digest and too short for a bcrypt or Argon2 string.
-- Presumably the console stores an unsalted MD5 here; confirm in the
-- application code. If so, treat any dump of this table as credential
-- material, and plan to widen the column and move to a salted, slow hash.
-- NOTE(review): `usr_login` has only a non-unique KEY, so the schema itself
-- permits two accounts with the same login; uniqueness depends on the
-- application.
-- NOTE(review): `role_id` is not constrained to `base_roles` (MyISAM enforces
-- no foreign keys), and `usr_enabled` is a plain int whose accepted values
-- are not defined by the schema.
--

CREATE TABLE IF NOT EXISTS `base_users` (
  `usr_id` int(11) NOT NULL,
  `usr_login` varchar(25) NOT NULL,
  `usr_pwd` varchar(32) NOT NULL,
  `usr_name` varchar(75) NOT NULL,
  `role_id` int(11) NOT NULL,
  `usr_enabled` int(11) NOT NULL,
  PRIMARY KEY (`usr_id`),
  KEY `usr_login` (`usr_login`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

--
-- Data for table `base_users` (the dump contains no rows)
--


-- --------------------------------------------------------

--
-- Table structure for table `data`
--
-- One optional payload text per event key (`sid`, `cid`).
-- NOTE(review): presumably the captured packet payload, encoded as indicated
-- by `sensor`.`encoding`; confirm against the sensor's output plugin. Payload
-- content is chosen by whoever sent the traffic, so viewers and exporters
-- must treat `data_payload` as untrusted input.
-- A TEXT column holds at most 65,535 bytes.
--

CREATE TABLE IF NOT EXISTS `data` (
  `sid` int(10) unsigned NOT NULL,
  `cid` int(10) unsigned NOT NULL,
  `data_payload` text,
  PRIMARY KEY (`sid`,`cid`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

--
-- Data for table `data` (the dump contains no rows)
--


-- --------------------------------------------------------

--
-- Table structure for table `detail`
--
-- Lookup table: small numeric code to descriptive text. Presumably the
-- meaning of `sensor`.`detail`; the dump has no rows here, so the value 1
-- stored for the sensor cannot be resolved from this file alone.
--

CREATE TABLE IF NOT EXISTS `detail` (
  `detail_type` tinyint(3) unsigned NOT NULL,
  `detail_text` text NOT NULL,
  PRIMARY KEY (`detail_type`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

--
-- Data for table `detail` (the dump contains no rows)
--


-- --------------------------------------------------------

--
-- Table structure for table `encoding`
--
-- Lookup table: small numeric code to descriptive text. Presumably the
-- meaning of `sensor`.`encoding`; the dump has no rows here, so the value 0
-- stored for the sensor cannot be resolved from this file alone.
--

CREATE TABLE IF NOT EXISTS `encoding` (
  `encoding_type` tinyint(3) unsigned NOT NULL,
  `encoding_text` text NOT NULL,
  PRIMARY KEY (`encoding_type`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

--
-- Data for table `encoding` (the dump contains no rows)
--


-- --------------------------------------------------------

--
-- Table structure for table `event`
--
-- One row per alert: the (`sid`, `cid`) key, the id of the signature that
-- fired and the time. The header and payload tables in this schema use the
-- same (`sid`, `cid`) key.
-- `timestamp` is a DATETIME without time zone.
-- NOTE(review): the dump contains no rows here although `acid_event` holds
-- twelve alerts for `sid` 2; the export is partial or the events were purged.
--

CREATE TABLE IF NOT EXISTS `event` (
  `sid` int(10) unsigned NOT NULL,
  `cid` int(10) unsigned NOT NULL,
  `signature` int(10) unsigned NOT NULL,
  `timestamp` datetime NOT NULL,
  PRIMARY KEY (`sid`,`cid`),
  KEY `sig` (`signature`),
  KEY `time` (`timestamp`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

--
-- Data for table `event` (the dump contains no rows)
--


-- --------------------------------------------------------

--
-- Table structure for table `icmphdr`
--
-- ICMP header fields for an event, keyed by (`sid`, `cid`): type and code are
-- mandatory; checksum, identifier and sequence number are optional.
-- Only `icmp_type` has a secondary index.
--

CREATE TABLE IF NOT EXISTS `icmphdr` (
  `sid` int(10) unsigned NOT NULL,
  `cid` int(10) unsigned NOT NULL,
  `icmp_type` tinyint(3) unsigned NOT NULL,
  `icmp_code` tinyint(3) unsigned NOT NULL,
  `icmp_csum` smallint(5) unsigned DEFAULT NULL,
  `icmp_id` smallint(5) unsigned DEFAULT NULL,
  `icmp_seq` smallint(5) unsigned DEFAULT NULL,
  PRIMARY KEY (`sid`,`cid`),
  KEY `icmp_type` (`icmp_type`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

--
-- Data for table `icmphdr` (the dump contains no rows)
--


-- --------------------------------------------------------

--
-- Table structure for table `iphdr`
--
-- IP header fields for an event, keyed by (`sid`, `cid`). Source address,
-- destination address and protocol are mandatory; the remaining header
-- fields are optional.
-- `ip_src` / `ip_dst` are unsigned 32-bit integers, so this schema can only
-- record IPv4 addresses; INET_NTOA() renders them as dotted quads.
--

CREATE TABLE IF NOT EXISTS `iphdr` (
  `sid` int(10) unsigned NOT NULL,
  `cid` int(10) unsigned NOT NULL,
  `ip_src` int(10) unsigned NOT NULL,
  `ip_dst` int(10) unsigned NOT NULL,
  `ip_ver` tinyint(3) unsigned DEFAULT NULL,
  `ip_hlen` tinyint(3) unsigned DEFAULT NULL,
  `ip_tos` tinyint(3) unsigned DEFAULT NULL,
  `ip_len` smallint(5) unsigned DEFAULT NULL,
  `ip_id` smallint(5) unsigned DEFAULT NULL,
  `ip_flags` tinyint(3) unsigned DEFAULT NULL,
  `ip_off` smallint(5) unsigned DEFAULT NULL,
  `ip_ttl` tinyint(3) unsigned DEFAULT NULL,
  `ip_proto` tinyint(3) unsigned NOT NULL,
  `ip_csum` smallint(5) unsigned DEFAULT NULL,
  PRIMARY KEY (`sid`,`cid`),
  KEY `ip_src` (`ip_src`),
  KEY `ip_dst` (`ip_dst`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

--
-- Data for table `iphdr` (the dump contains no rows)
--


-- --------------------------------------------------------

--
-- Table structure for table `opt`
--
-- Header options for an event: several rows per (`sid`, `cid`), told apart
-- by `optid`. `opt_proto` presumably says which protocol header the option
-- belongs to; confirm against the sensor's output plugin.
-- NOTE(review): `opt_len` is a signed smallint while the other length fields
-- in this schema are unsigned; `opt_data` is free text taken from traffic and
-- should be handled as untrusted input.
--

CREATE TABLE IF NOT EXISTS `opt` (
  `sid` int(10) unsigned NOT NULL,
  `cid` int(10) unsigned NOT NULL,
  `optid` int(10) unsigned NOT NULL,
  `opt_proto` tinyint(3) unsigned NOT NULL,
  `opt_code` tinyint(3) unsigned NOT NULL,
  `opt_len` smallint(6) DEFAULT NULL,
  `opt_data` text,
  PRIMARY KEY (`sid`,`cid`,`optid`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

--
-- Data for table `opt` (the dump contains no rows)
--


-- --------------------------------------------------------

--
-- Table structure for table `reference`
--
-- External reference for a signature: the reference system it belongs to
-- (`ref_system_id`, see `reference_system`) and the tag within that system.
-- NOTE(review): the AUTO_INCREMENT counter stands at 52 but the dump carries
-- no rows, while `sig_reference` still points at `ref_id` 46-51. The rows
-- were deleted or left out of the export, so those references cannot be
-- resolved from this file.
--

CREATE TABLE IF NOT EXISTS `reference` (
  `ref_id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `ref_system_id` int(10) unsigned NOT NULL,
  `ref_tag` text NOT NULL,
  PRIMARY KEY (`ref_id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=52 ;

--
-- Data for table `reference` (the dump contains no rows)
--


-- --------------------------------------------------------

--
-- Table structure for table `reference_system`
--
-- Catalogue of reference systems (the sources a signature reference can
-- point to), keyed by an auto-increment id. The name is nullable.
--

CREATE TABLE IF NOT EXISTS `reference_system` (
  `ref_system_id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `ref_system_name` varchar(20) DEFAULT NULL,
  PRIMARY KEY (`ref_system_id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=10 ;

--
-- Data for table `reference_system`
--
-- Five reference systems with ids 5-9; ids 1-4 are absent, which suggests
-- earlier rows were deleted and re-created (the counter in the table
-- definition continues at 10).
--

INSERT INTO `reference_system` (`ref_system_id`, `ref_system_name`) VALUES
(8, 'bugtraq'),
(7, 'cve'),
(6, 'url'),
(5, 'arachNIDS'),
(9, 'nessus');

-- --------------------------------------------------------

--
-- Table structure for table `schema`
--
-- Presumably the schema-version marker: a sequence number and the time it
-- was written.
-- SCHEMA is a reserved word in MySQL, so this table name only works when it
-- is quoted with backticks, as it is here.
--

CREATE TABLE IF NOT EXISTS `schema` (
  `vseq` int(10) unsigned NOT NULL,
  `ctime` datetime NOT NULL,
  PRIMARY KEY (`vseq`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

--
-- Data for table `schema`
--
-- Single row: sequence number 107, written 2011-01-18 12:01:41 (two days
-- before the alerts stored in `acid_event`).
--

INSERT INTO `schema` (`vseq`, `ctime`) VALUES
(107, '2011-01-18 12:01:41');

-- --------------------------------------------------------

--
-- Table structure for table `sensor`
--
-- One row per sensor. `sid` is the sensor id that prefixes every event key
-- in this schema. `hostname`, `interface` and `filter` are free text;
-- `detail` and `encoding` are small codes (presumably resolved through the
-- `detail` and `encoding` tables); `last_cid` presumably holds the highest
-- event number issued for the sensor.
-- NOTE(review): `detail` / `encoding` are signed tinyint(4) here but unsigned
-- tinyint(3) in the lookup tables.
--

CREATE TABLE IF NOT EXISTS `sensor` (
  `sid` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `hostname` text,
  `interface` text,
  `filter` text,
  `detail` tinyint(4) DEFAULT NULL,
  `encoding` tinyint(4) DEFAULT NULL,
  `last_cid` int(10) unsigned NOT NULL,
  PRIMARY KEY (`sid`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=3 ;

--
-- Data for table `sensor`
--
-- One sensor, `sid` 2. `\\` is the SQL escape for a single backslash.
-- NOTE(review): this row records the capturing machine's host name and the
-- device GUID of its capture interface. Together with the internal addresses
-- in `acid_event`, that makes the dump environment-identifying data; redact
-- it before sharing the file outside the team.
-- `last_cid` is 458 although only twelve alerts for this sensor appear in the
-- dump, so most of its events are not part of this export.
--

INSERT INTO `sensor` (`sid`, `hostname`, `interface`, `filter`, `detail`, `encoding`, `last_cid`) VALUES
(2, 'DENNIS-PC:\\Device\\NPF_{0EA976E2-2FCC-479F-8796-1C7916D03F24}', '\\Device\\NPF_{0EA976E2-2FCC-479F-8796-1C7916D03F24}', NULL, 1, 0, 458);

-- --------------------------------------------------------

--
-- Table structure for table `signature`
--
-- Signature catalogue: internal id, name, class and priority, plus `sig_rev`,
-- `sig_sid` and `sig_gid` (presumably the rule's revision, rule id and
-- generator id; confirm against the sensor's output plugin).
-- KEY `sign_idx` covers only the first 20 characters of `sig_name`, so names
-- sharing a 20-character prefix land in the same index range.
--

CREATE TABLE IF NOT EXISTS `signature` (
  `sig_id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `sig_name` varchar(255) NOT NULL,
  `sig_class_id` int(10) unsigned NOT NULL,
  `sig_priority` int(10) unsigned DEFAULT NULL,
  `sig_rev` int(10) unsigned DEFAULT NULL,
  `sig_sid` int(10) unsigned DEFAULT NULL,
  `sig_gid` int(10) unsigned DEFAULT NULL,
  PRIMARY KEY (`sig_id`),
  KEY `sign_idx` (`sig_name`(20)),
  KEY `sig_class_id_idx` (`sig_class_id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=37 ;

--
-- Data for table `signature`
--
-- Seven signatures with ids 30-36. Every `sig_class_id` used here (4, 5, 8,
-- 9, 10) is defined in `sig_class`.
-- NOTE(review): the alerts cached in `acid_event` carry signature ids 10-12
-- for the three ICMP names that appear here as 31-33, so the cache predates
-- this numbering; match on name, not id, when reconciling the two tables.
-- Only the ICMP signatures have matching alerts in the dump; no alert rows
-- are present for the SHELLCODE, NETBIOS and POLICY entries.
--

INSERT INTO `signature` (`sig_id`, `sig_name`, `sig_class_id`, `sig_priority`, `sig_rev`, `sig_sid`, `sig_gid`) VALUES
(36, 'SHELLCODE x86 setuid 0', 10, 2, 10, 650, 1),
(35, 'NETBIOS SMB-DS Trans unicode Max Param/Count DOS attempt', 8, 3, 5, 5718, 1),
(34, 'SHELLCODE x86 inc ecx NOOP', 5, 1, 12, 1394, 1),
(33, 'ICMP Echo Reply', 4, 3, 5, 408, 1),
(32, 'ICMP PING Windows', 4, 3, 7, 382, 1),
(31, 'ICMP PING', 4, 3, 5, 384, 1),
(30, 'POLICY Outbound Teredo traffic detected', 9, 1, 2, 12065, 1);

-- --------------------------------------------------------

--
-- Table structure for table `sig_class`
--
-- Signature classification catalogue: id and class name.
-- NOTE(review): KEY `sig_class_id` duplicates the primary key and is
-- redundant. `sig_class_name` is indexed but not UNIQUE, so the schema allows
-- the same class name under several ids.
--

CREATE TABLE IF NOT EXISTS `sig_class` (
  `sig_class_id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `sig_class_name` varchar(60) NOT NULL,
  PRIMARY KEY (`sig_class_id`),
  KEY `sig_class_id` (`sig_class_id`),
  KEY `sig_class_name` (`sig_class_name`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=11 ;

--
-- Data for table `sig_class`
--
-- Seven classifications with ids 4-10. Ids 6 ('attempted-user') and 7
-- ('attempted-recon') are not used by any signature in this dump.
--

INSERT INTO `sig_class` (`sig_class_id`, `sig_class_name`) VALUES
(5, 'shellcode-detect'),
(4, 'misc-activity'),
(6, 'attempted-user'),
(7, 'attempted-recon'),
(8, 'protocol-command-decode'),
(9, 'policy-violation'),
(10, 'system-call-detect');

-- --------------------------------------------------------

--
-- Table structure for table `sig_reference`
--
-- Ordered list of references per signature: (`sig_id`, `ref_seq`) is the key
-- and `ref_id` presumably points into `reference`. MyISAM enforces no
-- foreign keys, so neither `sig_id` nor `ref_id` is checked by the server.
--

CREATE TABLE IF NOT EXISTS `sig_reference` (
  `sig_id` int(10) unsigned NOT NULL,
  `ref_seq` int(10) unsigned NOT NULL,
  `ref_id` int(10) unsigned NOT NULL,
  PRIMARY KEY (`sig_id`,`ref_seq`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

--
-- Data for table `sig_reference`
--
-- One reference for signature 36 and five for signature 35.
-- NOTE(review): the referenced `ref_id` values 46-51 have no rows in
-- `reference` in this dump, so these links are dangling here.
--

INSERT INTO `sig_reference` (`sig_id`, `ref_seq`, `ref_id`) VALUES
(36, 1, 51),
(35, 5, 50),
(35, 4, 49),
(35, 3, 48),
(35, 2, 47),
(35, 1, 46);

-- --------------------------------------------------------

--
-- Table structure for table `tcphdr`
--
-- TCP header fields for an event, keyed by (`sid`, `cid`). Source port,
-- destination port and flags are mandatory and indexed; sequence and
-- acknowledgement numbers, offset, reserved bits, window, checksum and
-- urgent pointer are optional.
--

CREATE TABLE IF NOT EXISTS `tcphdr` (
  `sid` int(10) unsigned NOT NULL,
  `cid` int(10) unsigned NOT NULL,
  `tcp_sport` smallint(5) unsigned NOT NULL,
  `tcp_dport` smallint(5) unsigned NOT NULL,
  `tcp_seq` int(10) unsigned DEFAULT NULL,
  `tcp_ack` int(10) unsigned DEFAULT NULL,
  `tcp_off` tinyint(3) unsigned DEFAULT NULL,
  `tcp_res` tinyint(3) unsigned DEFAULT NULL,
  `tcp_flags` tinyint(3) unsigned NOT NULL,
  `tcp_win` smallint(5) unsigned DEFAULT NULL,
  `tcp_csum` smallint(5) unsigned DEFAULT NULL,
  `tcp_urp` smallint(5) unsigned DEFAULT NULL,
  PRIMARY KEY (`sid`,`cid`),
  KEY `tcp_sport` (`tcp_sport`),
  KEY `tcp_dport` (`tcp_dport`),
  KEY `tcp_flags` (`tcp_flags`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

--
-- Data for table `tcphdr` (the dump contains no rows)
--


-- --------------------------------------------------------

--
-- Table structure for table `udphdr`
--
-- UDP header fields for an event, keyed by (`sid`, `cid`). Source and
-- destination port are mandatory and indexed; length and checksum are
-- optional.
--

CREATE TABLE IF NOT EXISTS `udphdr` (
  `sid` int(10) unsigned NOT NULL,
  `cid` int(10) unsigned NOT NULL,
  `udp_sport` smallint(5) unsigned NOT NULL,
  `udp_dport` smallint(5) unsigned NOT NULL,
  `udp_len` smallint(5) unsigned DEFAULT NULL,
  `udp_csum` smallint(5) unsigned DEFAULT NULL,
  PRIMARY KEY (`sid`,`cid`),
  KEY `udp_sport` (`udp_sport`),
  KEY `udp_dport` (`udp_dport`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

--
-- Data for table `udphdr` (the dump contains no rows)
--


-- Restore the session character-set settings saved in the @OLD_* variables
-- at the top of the dump (version-conditional, MySQL 4.1.1 and later).
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
