Re: IDS can integrate with another RDBM that is not Oracle
First to clarify log file naming conventions.
There are the log files containing alarms (it also contains records of commands and errors), and there are iplog files which contain the binary data from packet captures.
If you are talking about the alarm logs then continue reading below, but if you are talking about iplogs (raw binary packet data) then I don't know if you really want to try loading them into a database. The iplogs generally need to be parsed and interpreted with a tool like ethereal, and even then it is more a viewable format than one that can be loaded into a database. The sensor also does not provide an automated means of retrieving the iplog files from the sensor.
If you are talking about alarm logs then read the following:
If you are using the Unix Director and not CSPM then follow the instructions in the following section of the Unix Director Config Note:
If you are using CSPM then you will have to implement most of this yourself.
The following steps are a good starting point:
1) Determine how the alarm log file will be sent to your machine running MySQL.
CSPM has a cvtnrlog script that can be run to create a log file from the alarms stored in the CSPM database. You would need to find a way to schedule cvtnrlog to run and copy the files to your MySQL machine.
Alternatively, you could use the built-in automated ftp functionality of the sensor. The sensor can be configured to automatically ftp its log files off to an ftp server every time a log file is closed. The ftp server would be the machine with MySQL. The ftp functionality is configured within CSPM for the sensor.
2) Create the tables in your database.
The Unix Director Config Note provides the Oracle Schemas that you can convert to MySQL: