I'll be the first to admit that I'm new with MySQL. I'm looking for some guidance on putting a query together.
What I have is a database created by Snort, which is an IDS. The database has information on all the packets that crossed a network segment. For example: IP src address, IP destination address, tcp & udp & icmp header info, port numbers. Basically what happens is a packet goes by and its signature is logged, i.e. the IP address, type of protocol and port that this occurred on. As well, the length is logged in each entry.

Everything on ip is put in an iphdr table, tcp is put in a tcphdr table, udp is put in a udphdr table, and icmp is put in an icmphdr table. They all share a primary key of the incident id ... a sequentially increasing index.

Now my problem is trying to add up the total amount of traffic to each port. I know how to add up the total amount of traffic if a port matches, say, port 412 or port 80. But I need to figure out how to look at each entry and then almost create another table and keep a running total of what was seen per port. The table is going to get pretty big as there are 65K possible ports. Even worse is the database is 2 gigs in size.

Any help would be appreciated.

Greg

PS Maybe this isn't too clear. I do have a PNG ER diagram of the database.
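
The per-port total asked about above can be built with a join and GROUP BY instead of a hand-maintained running total. This is an added example, not part of the original message: the column names (cid, ip_len, tcp_dport, udp_dport) and the port_traffic table are assumptions, and the schema is reduced to the single incident-id key the post describes.

```sql
-- Constructed miniature of the tables named in the post.
-- Column names are assumptions; cid stands for the shared incident id.
CREATE TABLE iphdr  (cid INT UNSIGNED PRIMARY KEY, ip_len    SMALLINT UNSIGNED NOT NULL);
CREATE TABLE tcphdr (cid INT UNSIGNED PRIMARY KEY, tcp_dport SMALLINT UNSIGNED NOT NULL);
CREATE TABLE udphdr (cid INT UNSIGNED PRIMARY KEY, udp_dport SMALLINT UNSIGNED NOT NULL);

-- Constructed sample rows: three TCP packets, one UDP packet, one ICMP packet.
INSERT INTO iphdr  VALUES (1, 1500), (2, 400), (3, 60), (4, 120), (5, 84);
INSERT INTO tcphdr VALUES (1, 80), (2, 80), (3, 412);
INSERT INTO udphdr VALUES (4, 53);
-- cid 5 has no row in tcphdr or udphdr (ICMP carries no port), so the
-- inner joins below leave it out of the per-port totals.

-- Hypothetical summary table: one row per protocol and destination port
-- that was actually seen, never one per possible port.
CREATE TABLE port_traffic (
  proto   CHAR(3)           NOT NULL,
  port    SMALLINT UNSIGNED NOT NULL,
  packets BIGINT UNSIGNED   NOT NULL,
  bytes   BIGINT UNSIGNED   NOT NULL,
  PRIMARY KEY (proto, port)
);

-- TCP: join each TCP header to its IP header on the incident id and
-- sum the logged IP length per destination port.
INSERT INTO port_traffic (proto, port, packets, bytes)
SELECT 'tcp', t.tcp_dport, COUNT(*), SUM(i.ip_len)
FROM tcphdr t
JOIN iphdr i ON i.cid = t.cid
GROUP BY t.tcp_dport;

-- UDP: same aggregation, kept separate because tcp/80 and udp/80
-- are different services.
INSERT INTO port_traffic (proto, port, packets, bytes)
SELECT 'udp', u.udp_dport, COUNT(*), SUM(i.ip_len)
FROM udphdr u
JOIN iphdr i ON i.cid = u.cid
GROUP BY u.udp_dport;

-- Busiest ports first.
SELECT proto, port, packets, bytes
FROM port_traffic
ORDER BY bytes DESC;
```

Because only ports that appear in the data get a row, the summary stays small even on a multi-gigabyte database; the cost is in the join, which relies on the incident id being indexed in each header table.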