ossec-hids icon indicating copy to clipboard operation
ossec-hids copied to clipboard
verified publisher icon ossec

* insert into db true NULLs instead string "NULL"

Open AdUser opened this issue 2 years ago • 1 comments

This patch changes insertion of srcip/dstip alert fields to database table from "NULL" (varchar string) value to true sql NULLs. it takes less space in table and add ability to use IS NULL/NOT NULL/... sql expressions instead slower string comparision.

CREATE TABLE alert
    (
   ...
    src_ip          VARCHAR(46), -- nullable
    dst_ip          VARCHAR(46), -- nullable
    ...
    );

AdUser avatar Nov 24 '23 02:11 AdUser

P.S. This patch tested with postgresql database about ten months, and have no issues in my ossec setup, but feel free to do more testing if you consider so.

AdUser avatar Nov 24 '23 02:11 AdUser