[[PageOutline]]

 = 參數說明 = 

 || 參數 || 說明 || 
 || $dst_IP || 被攻擊的IP || 
 || $src_IP || 攻擊來源IP || 
 || $alert_name || 警訊名稱 || 
 || $sid || snort警訊編號 || 
 || $priority || 攻擊等級: 1~3 (強~弱) || 
 || $class || 攻擊分類名稱 || 
 || $src_port || 來源port || 
 || $dst_port || 被攻擊的port || 
 || $type || 封包型態 || 

 = [wiki:ExperimentLog_1 實驗一] = 
 * [wiki:ExperimentLog_1 detail] 

 * select * from  flex

98 row(s) in set. (0.30 sec)

 * 格式：

$dst_IP
 || Column Family : Column Qulify || cell value || 
 || direction:dstport || $dst_port || 
 || direction:soure || $src_IP || 
 || direction:srcport || $src_port || 
 || id:gid || $generation_id ||
 || id:priority || $priority || 
 || id:sid || $sid || 
 || id:version || $version || 
 || name:class || $class || 
 || name:name || $alert_name || 
 || payload:type || $type || 

 * 範例：
{{{
#!html

 <table>

 <tbody><tr>
  <th>
Row
  </th>
  <th>
Column
  </th>
  <th>
Cell
  </th>
 </tr>
 <tr>

  <td>
105.175.203.246
  </td>
  <td>
direction:dstport
  </td>
  <td>
0
  </td>
 </tr>
 <tr>
  <td>

105.175.203.246
  </td>
  <td>
direction:soure
  </td>
  <td>
168.150.177.165
  </td>
 </tr>
 <tr>
  <td>
105.175.203.246
  </td>

  <td>
direction:srcport
  </td>
  <td>
0
  </td>
 </tr>
 <tr>
  <td>
105.175.203.246
  </td>
  <td>

id:gid
  </td>
  <td>
1
  </td>
 </tr>
 <tr>
  <td>
105.175.203.246
  </td>
  <td>
id:priority
  </td>

  <td>
3
  </td>
 </tr>
 <tr>
  <td>
105.175.203.246
  </td>
  <td>
id:sid
  </td>
  <td>

402
  </td>
 </tr>
 <tr>
  <td>
105.175.203.246
  </td>
  <td>
id:version
  </td>
  <td>
7
  </td>

 </tr>
 <tr>
  <td>
105.175.203.246
  </td>
  <td>
name:class
  </td>
  <td>
Misc activity
  </td>
 </tr>

 <tr>
  <td>
105.175.203.246
  </td>
  <td>
name:name
  </td>
  <td>
ICMP Destination Unreachable Port Unreachable 
  </td>
 </tr>
 <tr>

  <td>
105.175.203.246
  </td>
  <td>
payload:type
  </td>
  <td>
ICMP
  </td></tr></tbody></table>
}}}


 = [wiki:ExperimentLog_2 實驗二] = 
 * [wiki:ExperimentLog_2 detail] 

 * 目的：

矯正不同攻擊在同一個目標ip只能紀錄最後一筆的問題

 * select * from  !NewSnort
128 row(s) in set. (0.29 sec)

 * 格式：

$dst_IP : $sid
 || Column Family : Column Qulify || cell value || 
 || '''name''':$alert_name || '''priority=''' $priority '''; class=''' $class || 
 || '''from''':$source || $src_IP : $src_port => $dst_IP : $dst_port  || 
 || '''payload''':$type || $type || 

 * 範例：
{{{
#!html

 <table>
 <tbody><tr>
  <th>
Row
  </th>
  <th>
Column
  </th>
  <th>
Cell
  </th>
 </tr>
 <tr>

  <td>
105.175.203.246&lt;=402
  </td>
  <td>
from:168.150.177.165
  </td>
  <td>
168.150.177.165:0 =&gt; 105.175.203.246:0
  </td>
 </tr>

 <tr>
  <td>
105.175.203.246&lt;=402
  </td>
  <td>
name:ICMP Destination Unreachable Port Unreachable 
  </td>
  <td>
priority=3class=Misc activity
  </td>
 </tr>

 <tr>
  <td>
105.175.203.246&lt;=402
  </td>
  <td>
payload:ICMP
  </td>
  <td>
ICMP
  </td>
 </tr>
 </table>
 </tbody>

}}}

 = [wiki:ExperimentLog_3 實驗三] = 
 * [wiki:ExperimentLog_3 detail] 

select * from !NewTable1;

98 row(s) in set. (0.46 sec) 

 * 目的：

解決實驗二之 多個來源用不同攻擊方法攻同一目標ip 卻無（source v.s. attack）對應問題

 * 格式：

$dst_IP 
 || Column Family : Column Qulify || cell value || 
 || '''!SourceSid'':$source ( $sid ) || '''name''' = $alert_name; '''priority=''' $priority '''; class=''' $class ''';port=''' $dst_port ''';type=''' $type|| 

 * 範例：

{{{
#!html
 <table> <tbody><tr>   <th> Row   </th>  <th> Column  </th>  <th>Cell  </th> </tr> <tr>

  <td>
105.175.203.246
  </td>
  <td>
SourceSID:168.150.177.165(402)
  </td>
  <td>
name=ICMP Destination Unreachable Port Unreachable ;priority=3;class=Misc activity;dst_port=0;type=ICMP
  </td>
</tr></tbody></table>
}}}