| 1 | CREATE DATABASE samhain;
|
|---|
| 2 | USE samhain;
|
|---|
| 3 | CREATE TABLE samhain.log (
|
|---|
| 4 | log_index BIGINT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
|
|---|
| 5 | log_ref BIGINT UNSIGNED NULL,
|
|---|
| 6 | log_host VARCHAR(64) NOT NULL DEFAULT "localhost",
|
|---|
| 7 | INDEX ix_log_host (log_host),
|
|---|
| 8 | log_time DATETIME NOT NULL,
|
|---|
| 9 | log_sev ENUM("DEBG","INFO","NOTE","WARN","MARK","ERRO","CRIT","ALRT","RCVT") NOT NULL,
|
|---|
| 10 | log_msg BLOB,
|
|---|
| 11 |
|
|---|
| 12 | log_hash VARCHAR(32) NOT NULL,
|
|---|
| 13 | KEY ix_hash (log_hash),
|
|---|
| 14 |
|
|---|
| 15 | entry_status VARCHAR(16) NOT NULL DEFAULT "NEW",
|
|---|
| 16 | INDEX ix_entry_status (entry_status),
|
|---|
| 17 |
|
|---|
| 18 | path BLOB,
|
|---|
| 19 | userid VARCHAR(8),
|
|---|
| 20 | grp VARCHAR(8),
|
|---|
| 21 | program VARCHAR(8),
|
|---|
| 22 | subroutine VARCHAR(16),
|
|---|
| 23 | status VARCHAR(12),
|
|---|
| 24 | hash VARCHAR(50),
|
|---|
| 25 | path_data BLOB,
|
|---|
| 26 | hash_data VARCHAR(50),
|
|---|
| 27 | key_uid VARCHAR(64),
|
|---|
| 28 | key_uid_data VARCHAR(64),
|
|---|
| 29 | key_id VARCHAR(16),
|
|---|
| 30 | module VARCHAR(8),
|
|---|
| 31 | return_code INTEGER,
|
|---|
| 32 | syscall VARCHAR(16),
|
|---|
| 33 | ip VARCHAR(46),
|
|---|
| 34 | tty VARCHAR(16),
|
|---|
| 35 | peer VARCHAR(64),
|
|---|
| 36 | fromhost VARCHAR(64),
|
|---|
| 37 | obj BLOB,
|
|---|
| 38 | interface VARCHAR(64),
|
|---|
| 39 | time VARCHAR(64),
|
|---|
| 40 | dir BLOB,
|
|---|
| 41 | linked_path BLOB,
|
|---|
| 42 | port INTEGER,
|
|---|
| 43 | service VARCHAR(64),
|
|---|
| 44 | facility VARCHAR(32),
|
|---|
| 45 | priority VARCHAR(32),
|
|---|
| 46 | syslog_msg BLOB,
|
|---|
| 47 |
|
|---|
| 48 | mode_old VARCHAR(16),
|
|---|
| 49 | mode_new VARCHAR(16),
|
|---|
| 50 | attr_old VARCHAR(16),
|
|---|
| 51 | attr_new VARCHAR(16),
|
|---|
| 52 |
|
|---|
| 53 | device_old VARCHAR(16),
|
|---|
| 54 | device_new VARCHAR(16),
|
|---|
| 55 | owner_old VARCHAR(9),
|
|---|
| 56 | owner_new VARCHAR(9),
|
|---|
| 57 | group_old VARCHAR(9),
|
|---|
| 58 | group_new VARCHAR(9),
|
|---|
| 59 | ctime_old DATETIME,
|
|---|
| 60 | ctime_new DATETIME,
|
|---|
| 61 | atime_old DATETIME,
|
|---|
| 62 | atime_new DATETIME,
|
|---|
| 63 | mtime_old DATETIME,
|
|---|
| 64 | mtime_new DATETIME,
|
|---|
| 65 | chksum_old VARCHAR(50),
|
|---|
| 66 | chksum_new VARCHAR(50),
|
|---|
| 67 | link_old BLOB,
|
|---|
| 68 | link_new BLOB,
|
|---|
| 69 |
|
|---|
| 70 | size_old BIGINT UNSIGNED,
|
|---|
| 71 | size_new BIGINT UNSIGNED,
|
|---|
| 72 | hardlinks_old BIGINT UNSIGNED,
|
|---|
| 73 | hardlinks_new BIGINT UNSIGNED,
|
|---|
| 74 | inode_old BIGINT UNSIGNED,
|
|---|
| 75 | inode_new BIGINT UNSIGNED,
|
|---|
| 76 |
|
|---|
| 77 | imode_old BIGINT UNSIGNED,
|
|---|
| 78 | imode_new BIGINT UNSIGNED,
|
|---|
| 79 | iattr_old BIGINT UNSIGNED,
|
|---|
| 80 | iattr_new BIGINT UNSIGNED,
|
|---|
| 81 | idevice_old BIGINT UNSIGNED,
|
|---|
| 82 | idevice_new BIGINT UNSIGNED,
|
|---|
| 83 | iowner_old BIGINT UNSIGNED,
|
|---|
| 84 | iowner_new BIGINT UNSIGNED,
|
|---|
| 85 | igroup_old BIGINT UNSIGNED,
|
|---|
| 86 | igroup_new BIGINT UNSIGNED,
|
|---|
| 87 | checkflags_old BIGINT UNSIGNED,
|
|---|
| 88 | checkflags_new BIGINT UNSIGNED,
|
|---|
| 89 |
|
|---|
| 90 |
|
|---|
| 91 | acl_old BLOB,
|
|---|
| 92 | acl_new BLOB
|
|---|
| 93 |
|
|---|
| 94 | );
|
|---|
| 95 |
|
|---|
