OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
This patch changes the insertion of srcip/dstip alert fields into the database table from the "NULL" (varchar string) value to true SQL NULLs.
It takes less space in the table and adds the ability to use IS NULL/NOT NULL/... SQL expressions instead of slower string comparison.
P.S. This patch has been tested with a PostgreSQL database for about ten months and has had no issues in my OSSEC setup, but feel free to do more testing if you consider it necessary.
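What the switch from the string "NULL" to a true SQL NULL means for queries over alert data, as an added example that is not code from this patch or from OSSEC. An in-memory SQLite database stands in for PostgreSQL, and the `alert` table, its rows and the `convert_legacy` helper are assumptions made for illustration; only the srcip/dstip column names come from the description above.

```python
import sqlite3

# Fixed query texts; no user input is ever interpolated into SQL here.
QUERIES = {
    "is_null":     "SELECT id FROM alert WHERE srcip IS NULL ORDER BY id",
    "is_not_null": "SELECT id FROM alert WHERE srcip IS NOT NULL ORDER BY id",
    "eq_string":   "SELECT id FROM alert WHERE srcip = 'NULL' ORDER BY id",
    "not_this_ip": "SELECT id FROM alert WHERE srcip <> '192.0.2.10' ORDER BY id",
}

def build_db():
    """Constructed sample data: a simplified stand-in for an alert table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE alert (id INTEGER PRIMARY KEY,"
               " srcip VARCHAR(46), dstip VARCHAR(46))")
    db.executemany("INSERT INTO alert VALUES (?, ?, ?)", [
        (1, "NULL", "NULL"),      # old style: the four-character string
        (2, "NULL", "NULL"),
        (3, None, None),          # new style: true SQL NULL
        (4, None, None),
        (5, "192.0.2.10", None),  # alert that carries a source address
    ])
    return db

def ids(db, name):
    """Run one of the fixed queries and return the matching alert ids."""
    return [row[0] for row in db.execute(QUERIES[name])]

def convert_legacy(db):
    """Turn leftover 'NULL' strings into real NULLs; return fields changed."""
    changed = db.execute(
        "UPDATE alert SET srcip = NULL WHERE srcip = 'NULL'").rowcount
    changed += db.execute(
        "UPDATE alert SET dstip = NULL WHERE dstip = 'NULL'").rowcount
    db.commit()
    return changed

if __name__ == "__main__":
    db = build_db()
    for name in QUERIES:
        print("before", name, ids(db, name))
    print("fields converted:", convert_legacy(db))
    for name in QUERIES:
        print("after ", name, ids(db, name))
```

Two things to watch in a mixed table: rows inserted before such a change keep the string until they are converted, so `IS NULL` alone misses them, and a `<>` comparison never matches a true NULL, so "every alert not from this address" queries need an explicit `OR srcip IS NULL`.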