Database Fields

edited September 2012 in Deployment Architecture
Hello,
I would like to ask one thing:
I have installed OSSIM version 4.0. I have configured snare on windows in order to send syslog events to OSSIM. OSSIM receives events correctly and stores them into a table called "acid_event".
Now I would like to ask you: what is the meaning of the field "ctx" and how can I read it?
I think that this field (ctx) contains the Raw events. If I'm wrong, in which table can I find the raw events?

Thanks  

Answers

  • Update?

    I have seen that the data type of the field "ctx" is binary(16).
    Does somebody know this format and how to translate it into readable text?

    Thanks
  • Raw events are not there. The SIEM stores events, not raw logs. The component that stores raw logs is the logger (only available in the professional version). If you are talking about the payload of the events, it is in the extradata table in the alienvault_siem database.

    Regards.
  • edited January 2013
    CTX is the field which is generated every time we log in. It is specific to that event of form. You can also see it as a hidden value in the source code of the page. This ctx value is used in all the operations like adding a host on the page newhost.php.
  • Thanks, I have solved my problem.
  • Hi
    @ic3kym can you tell me how you solved the problem? I am facing the same problem reading that field.
  • mysql> select hex(ctx) from acid_event;
    +----------------------------------+
    | hex(ctx)                         |
    +----------------------------------+
    | CACF632A40E711E391AC080027C279C0 |
    | CACF632A40E711E391AC080027C279C0 |
    | CACF632A40E711E391AC080027C279C0 |
    | CACF632A40E711E391AC080027C279C0 |
    | CACF632A40E711E391AC080027C279C0 |
    +----------------------------------+
    5 rows in set (0.00 sec)
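    As an added illustration (not part of any post in this thread), the Python below decodes a binary(16) ctx value the same way the HEX(ctx) query above shows it, and then goes one step further. It assumes the 16 bytes are an RFC 4122 UUID stored in binary form, which the 32-hex-digit layout and the version nibble in the value are consistent with; the sample bytes are constructed from the hex value shown in the query output. If the assumption holds and the UUID is version 1 (time-based), the column also reveals when and on which network interface it was generated, which is worth knowing before such identifiers are exported or shared.

```python
import uuid
from datetime import datetime, timedelta, timezone

# Constructed sample: the 16-byte value behind the HEX(ctx) output shown in the thread.
SAMPLE_CTX = bytes.fromhex("CACF632A40E711E391AC080027C279C0")

# Offset between the UUID epoch (1582-10-15) and the Unix epoch, in 100 ns ticks.
UUID_EPOCH_OFFSET = 0x01B21DD213814000


def ctx_to_hex(raw: bytes) -> str:
    """Render the binary(16) column the way MySQL's HEX(ctx) does: uppercase, no dashes."""
    if len(raw) != 16:
        raise ValueError(f"ctx must be 16 bytes, got {len(raw)}")
    return raw.hex().upper()


def ctx_to_uuid(raw: bytes) -> uuid.UUID:
    """Interpret the 16 bytes as a UUID (assumption: ctx is a UUID stored in binary form)."""
    if len(raw) != 16:
        raise ValueError(f"ctx must be 16 bytes, got {len(raw)}")
    return uuid.UUID(bytes=raw)


def describe_ctx(raw: bytes) -> dict:
    """Decode the UUID and, for version-1 UUIDs, the timestamp and node (MAC) it embeds."""
    u = ctx_to_uuid(raw)
    info = {"hex": ctx_to_hex(raw), "uuid": str(u), "version": u.version}
    if u.version == 1:
        # u.time is the 60-bit count of 100 ns ticks since 1582-10-15.
        ticks_since_unix_epoch = u.time - UUID_EPOCH_OFFSET
        info["generated_at"] = datetime(1970, 1, 1, tzinfo=timezone.utc) + timedelta(
            microseconds=ticks_since_unix_epoch // 10
        )
        # The node field is normally the MAC address of the generating host
        # (08:00:27 is the VirtualBox OUI), so a v1 UUID leaks host identity.
        info["node_mac"] = ":".join(f"{b:02x}" for b in u.node.to_bytes(6, "big"))
    return info


if __name__ == "__main__":
    for key, value in describe_ctx(SAMPLE_CTX).items():
        print(f"{key:>13}: {value}")
```

    The first two functions reproduce what `SELECT HEX(ctx)` and a dashed UUID rendering give you; `describe_ctx` is the part worth keeping in a review checklist, since it shows that a time-based UUID is not an opaque token but carries a creation time and an interface address.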
