Database Fields

ic3kym · September 2012

Hello,

I would like to ask one thing:

I have installed OSSIM version 4.0. I have configured snare on windows in order to send syslog events to OSSIM. OSSIM receives events correctly and stores them into a table called "acid_event".

Now I would like to ask you: what is the meaning of the field "ctx" and how can I read it?

I think that this field (ctx) contains the Raw events. If I'm wrong, in which table can I find the raw events?

Thanks

ic3kym · September 2012

Update?

I have seen that data type of field "ctx" is binary(16).

Somebody knows this format and how translate this format in readble text.

Thanks

Armando · October 2012

Raw events is not there. The siem store events, not raw logs. The component who is storing raw logs is the logger (only available on professional version). If you are talking about the payload of the events, it is on the table extradata in alienvault_siem database.

Regards.

ronakb · January 9

CTX is the field which is generated everytime we login. it is specific to that event of form. you can also see it is a hidden value in source code of page. this ctx value is used in all the operations like adding host on the page newhost.php

ic3kym · January 11

thank I have solved my problem

louisslouiss · March 26

hi

@ ic3kym can you tell me how did you solvethe problem i am facing the same probleme to read that field

Howdy, Stranger!

Categories

Database Fields

Answers