ossec / ossec-hids

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
http://www.ossec.net

insert into db true NULLs instead of string "NULL" #2105

Open AdUser opened 7 months ago

AdUser commented 7 months ago

This patch changes the insertion of the srcip/dstip alert fields into the database table from a "NULL" (varchar string) value to true SQL NULLs. It takes less space in the table and adds the ability to use IS NULL/NOT NULL/... SQL expressions instead of slower string comparison.

CREATE TABLE alert
    (
    ...
    src_ip          VARCHAR(46), -- nullable
    dst_ip          VARCHAR(46), -- nullable
    ...
    );
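As an added example (not part of the PR or of the OSSEC code base), the difference the patch is about, shown against an in-memory SQLite table modelled on the nullable src_ip/dst_ip columns above; the sample events and the `string_null` switch are constructed for the demonstration.

```python
import sqlite3

# Constructed schema, reduced to the nullable address columns from the PR.
SCHEMA = """
CREATE TABLE alert (
    id      INTEGER PRIMARY KEY,
    src_ip  VARCHAR(46),  -- nullable
    dst_ip  VARCHAR(46)   -- nullable
);
"""


def insert_alert(conn, src_ip, dst_ip, *, string_null):
    """Insert one alert row through a parameterised statement.

    string_null=True mimics the pre-patch behaviour (the literal text "NULL"
    is stored when an address is missing); False stores a real SQL NULL.
    """
    def encode(value):
        if value:
            return value
        return "NULL" if string_null else None

    conn.execute("INSERT INTO alert (src_ip, dst_ip) VALUES (?, ?)",
                 (encode(src_ip), encode(dst_ip)))


def count_missing_src(conn):
    """Rows with no source address, using the IS NULL predicate."""
    return conn.execute(
        "SELECT COUNT(*) FROM alert WHERE src_ip IS NULL").fetchone()[0]


def count_missing_src_by_string(conn):
    """Same question asked the pre-patch way: a string comparison."""
    return conn.execute(
        "SELECT COUNT(*) FROM alert WHERE src_ip = 'NULL'").fetchone()[0]


def demo(string_null):
    """Load three constructed events (one without a source address) and
    return (IS NULL count, = 'NULL' count) for the chosen storage mode."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    events = [("10.0.0.5", "10.0.0.1"), (None, "10.0.0.1"), ("192.0.2.7", None)]
    for src, dst in events:
        insert_alert(conn, src, dst, string_null=string_null)
    return count_missing_src(conn), count_missing_src_by_string(conn)
```

With the string form, `IS NULL` finds nothing and only the string comparison works; with true NULLs the situation is reversed, which is why existing queries written against the old form need updating alongside the patch.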
AdUser commented 7 months ago

P.S. This patch has been tested with a PostgreSQL database for about ten months and has had no issues in my OSSEC setup, but feel free to do more testing if you consider it necessary.