Diffstat (limited to 'doc')
-rw-r--r-- | doc/sqlite3.table | 49 | ||||
-rw-r--r-- | doc/sqlite3.txt | 7 |
2 files changed, 35 insertions, 21 deletions
diff --git a/doc/sqlite3.table b/doc/sqlite3.table
index 7b5e99a..393b386 100644
--- a/doc/sqlite3.table
+++ b/doc/sqlite3.table
@@ -1,22 +1,29 @@
-CREATE TABLE ulog (
- raw_mac VARCHAR(80),
- oob_time_sec INT UNSIGNED,
- oob_time_usec INT UNSIGNED,
- ip_saddr INT UNSIGNED,
- ip_daddr INT UNSIGNED,
- ip_protocol TINYINT UNSIGNED,
- ip_totlen SMALLINT UNSIGNED,
- tcp_sport SMALLINT UNSIGNED,
- tcp_dport SMALLINT UNSIGNED,
- udp_sport SMALLINT UNSIGNED,
- udp_dport SMALLINT UNSIGNED,
- udp_len SMALLINT UNSIGNED,
- icmp_type TINYINT UNSIGNED,
- icmp_code TINYINT UNSIGNED,
- icmp_echoid SMALLINT UNSIGNED,
- icmp_echoseq SMALLINT UNSIGNED,
- icmp_gateway INT UNSIGNED,
- icmp_fragmtu SMALLINT UNSIGNED
+CREATE TABLE ulog_ct (
+ flow_start_sec INT UNSIGNED,
+ flow_start_usec INT UNSIGNED,
+ flow_end_sec INT UNSIGNED,
+ flow_end_usec INT UNSIGNED,
+ orig_ip_saddr INT UNSIGNED,
+ orig_ip_daddr INT UNSIGNED,
+ orig_l4_sport SMALLINT UNSIGNED,
+ orig_l4_dport SMALLINT UNSIGNED,
+ orig_ip_protocol TINYINT UNSIGNED,
+ icmp_type TINYINT UNSIGNED,
+ icmp_code TINYINT UNSIGNED,
+ orig_raw_pktlen INT UNSIGNED,
+ orig_raw_pktcount INT UNSIGNED,
+ reply_raw_pktlen INT UNSIGNED,
+ reply_raw_pktcount INT UNSIGNED,
+ ct_mark INT UNSIGNED
+ );
+CREATE TABLE ulog_pkt (
+ raw_pktlen INT UNSIGNED,
+ raw_pktcount INT UNSIGNED,
+ oob_prefix VARCHAR(64),
+ oob_time_sec INT UNSIGNED,
+ oob_time_usec INT UNSIGNED,
+ oob_mark INT UNSIGNED,
+ oob_hook TINYINT UNSIGNED,
+ oob_uid INT UNSIGNED,
+ oob_gid INT UNSIGNED
 );
-
-
diff --git a/doc/sqlite3.txt b/doc/sqlite3.txt
new file mode 100644
index 0000000..97e8bc9
--- /dev/null
+++ b/doc/sqlite3.txt
@@ -0,0 +1,7 @@
+XXX: This has to go in ulogd.sgml, later.
+
+To create the database file, you have to:
+$ sqlite3 file.db < sqlite3.table
+
+To check that we are logging stuff into it correctly:
+sqlite3 ulogd.sqlite3db "SELECT * from ulog" |
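Review bot: `ulog_pkt` as added in doc/sqlite3.table has no address, port or protocol columns, so a row in the packet log cannot be attributed to a source or destination host; the removed `ulog` table carried `ip_saddr`, `ip_daddr`, `ip_protocol` and the TCP/UDP ports. If the sqlite3 output only fills columns that exist in the table (not visible in this diff), the sample schema should keep at least `ip_saddr INT UNSIGNED, ip_daddr INT UNSIGNED, ip_protocol TINYINT UNSIGNED,` in `ulog_pkt`. Likewise `ulog_ct` stores only the `orig_` tuple, so the translated addresses of a NATed flow would not be retained for later investigation. The verification query added in doc/sqlite3.txt still reads `SELECT * from ulog`, a table this commit removes; it should name `ulog_pkt` or `ulog_ct`, and use the same database file name as the creation step.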