So you don't have a variable number of fields, all cases can be represented as:

conduit permit tcp host 192.168.1.1 eq www any (hitcnt=57476)
               |1|      |    2    |    |3| |4| |     5      |
conduit permit tcp host 192.168.1.1 eq 139 host 192.168.2.1 (hitcnt=2)
               |1|      |    2    |    |3|      |    4    | |   5    |

$protocol, $server, $port, $client, $hits
See, the 'www' and 139 are no different; 'www' is just a label for port 80. As well, 'any' is just a special case of host aaa.bbb.ccc.ddd as it represents all the valid IPs (or host *).
You might want to consider representing the IP as an ip/mask (decimal mask) in the database so the special case of 'any' can be easily represented in a non-null manner. This will also help if your firewall allows designation by named IP groups and ranges for rulesets. If no data in any given field will be null (NOT NULL specified in table creation), many more indexing and relation options become open. You can then easily create lookup tables so that 'www' maps to '80', or an IP is mapped to a named person (i.e. an admin or employee), or a whole IP range is named, given your firewall supports named groups as stated before (if you want more info on db normalisation, the various relationship types and constraints, feel free to /msg me and I'll bore you to death about them).
In reply to Re: Variable number of words/fields in a line/record
by Arguile
in thread Variable number of words/fields in a line/record
by Tuna
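The normalisation described in the post above, as an added example that is not part of the original post or thread: each conduit line is parsed into the same five never-empty fields. The name `parse_conduit`, the contents of `%port_for`, and storing addresses as `ip/dotted-decimal-mask` (with 'any' as `0.0.0.0/0.0.0.0`) are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed service-name lookup table; extend it to match your firewall.
my %port_for = (www => 80, smtp => 25, ftp => 21);

# Either "host a.b.c.d" (address captured) or "any" (capture stays undef).
my $addr = qr/(?:host\s+(\d{1,3}(?:\.\d{1,3}){3})|any)/;

# Returns a hashref with five defined fields, or nothing if the line
# does not match or names a service missing from the lookup table.
sub parse_conduit {
    my ($line) = @_;
    my ($protocol, $server, $port, $client, $hits) = $line =~ m{
        ^conduit \s+ permit \s+ (\w+) \s+   # field 1: protocol
        $addr \s+                           # field 2: server
        eq \s+ (\S+) \s+                    # field 3: port name or number
        $addr \s+                           # field 4: client
        \(hitcnt=(\d+)\) \s* $              # field 5: hit count
    }x or return;

    # 'www' and 139 are the same kind of value: resolve names to numbers.
    if ($port !~ /^\d+$/) {
        return unless exists $port_for{lc $port};
        $port = $port_for{lc $port};
    }

    # A single host gets an all-ones mask; 'any' becomes the all-zero
    # network, so neither column ever needs to be NULL.
    $_ = (defined $_ ? "$_/255.255.255.255" : '0.0.0.0/0.0.0.0')
        for $server, $client;

    return { protocol => $protocol, server => $server, port => $port,
             client   => $client,   hits   => $hits };
}

my @lines = (
    'conduit permit tcp host 192.168.1.1 eq www any (hitcnt=57476)',
    'conduit permit tcp host 192.168.1.1 eq 139 host 192.168.2.1 (hitcnt=2)',
    'conduit permit tcp host 192.168.1.1 eq bogus any (hitcnt=1)', # constructed
);
for my $line (@lines) {
    my $rule = parse_conduit($line);
    if (!$rule) { warn "skipped (unparsed or unknown service): $line\n"; next }
    print join(',', @$rule{qw(protocol server port client hits)}), "\n";
}
```

Rejecting a line whose service name is not in the lookup table, rather than storing the raw label, keeps the port column numeric and makes gaps in the table visible when the ruleset is imported.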