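I want a query that groups all identical columns together and has an extra column in my output with the total for each unique one, similar to the output below. How do I return a query that looks like a summary?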
sig_id ip_src ip_dst sig_name timestamp
504 192.168.0.1 192.168.0.103 COMMUNITY WEB-PHP DeluxeBB forums.php access 2010-08-23 21:47:56
504 192.168.0.1 192.168.0.103 COMMUNITY WEB-PHP DeluxeBB forums.php access 2010-08-23 21:47:56
504 192.168.0.1 192.168.0.103 COMMUNITY WEB-PHP DeluxeBB forums.php access 2010-08-23 21:47:56
504 192.168.0.1 192.168.0.103 COMMUNITY WEB-PHP DeluxeBB forums.php access 2010-08-23 21:47:56
503 192.168.1.3 63.243.90.10 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 2010-08-23 21:51:47
503 192.168.1.3 63.243.90.10 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 2010-08-23 21:51:47
503 192.168.1.3 63.243.90.10 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 2010-08-23 21:51:47
503 192.168.1.3 63.243.90.10 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 2010-08-23 21:51:47
I want my output to look like this:
sig_id ip_src ip_dst sig_name timestamp num
504 192.168.0.1 192.168.0.103 COMMUNITY WEB-PHP DeluxeBB forums.php access 2010-08-23 21:47:56 4
sig_id ip_src ip_dst sig_name timestamp num
503 192.168.1.3 63.243.90.10 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 2010-08-23 21:51:47 4
Here is the query I have already tried, but it is completely wrong:
select
signature.sig_id, inet_ntoa(ip_src), inet_ntoa(ip_dst),
signature.sig_name, event.timestamp, count(*) as num
from
signature
join
event on signature.sig_id = event.signature
join
iphdr on event.sid = iphdr.sid
group by
signature;
It returns:
sig_id ip_src ip_dst sig_name timestamp num
501 192.168.0.1 192.168.0.103 DNS SPOOF query response with TTL of 1 min. and no authority 2010-08-23 21:43:37 5236
502 192.168.0.1 192.168.0.103 COMMUNITY WEB-PHP DeluxeBB newpost.php access 2010-08-23 21:45:39 238
503 192.168.0.1 192.168.0.103 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 2010-08-23 21:47:12 1428
504 192.168.0.1 192.168.0.103 COMMUNITY WEB-PHP DeluxeBB forums.php access 2010-08-23 21:47:56 119
505 192.168.0.1 192.168.0.103 MS-SQL version overflow attempt 2003-09-05 06:14:33 2261
506 192.168.0.1 192.168.0.103 NETBIOS SMB repeated logon failure 2003-09-06 14:11:57 4879
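Where is the query you are working on? What have you tried? – gitsitgo
@gitsitgo Added it lol.. it's horrible though hahahah – BuzzLightYear
Better than nothing ;). Shows us that you have actually tried something. Glad you got your answer! – gitsitgo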
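An added example, not part of the original thread: the question's join shape next to a summary query that groups by every displayed column, run over constructed alerts. It assumes the stock Snort schema, where event and iphdr rows are keyed by (sid, cid); SQLite stands in for MySQL, with inet_ntoa registered as a user function.

```python
import ipaddress
import sqlite3

# Assumption: event and iphdr are keyed by (sid, cid), as in the stock Snort schema.
SCHEMA = """
CREATE TABLE signature (sig_id INTEGER, sig_name TEXT);
CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER, timestamp TEXT);
CREATE TABLE iphdr (sid INTEGER, cid INTEGER, ip_src INTEGER, ip_dst INTEGER);
"""
# Constructed alerts mirroring the rows in the question: (sig_id, src, dst, name, time).
ALERTS = [
    (504, "192.168.0.1", "192.168.0.103",
     "COMMUNITY WEB-PHP DeluxeBB forums.php access", "2010-08-23 21:47:56"),
    (503, "192.168.1.3", "63.243.90.10",
     "ICMP Destination Unreachable Communication with Destination Host "
     "is Administratively Prohibited", "2010-08-23 21:51:47"),
]
# Join shape from the question: sid only, grouped by signature alone.
NAIVE = """
SELECT signature.sig_id, COUNT(*) FROM signature
JOIN event ON signature.sig_id = event.signature
JOIN iphdr ON event.sid = iphdr.sid
GROUP BY signature ORDER BY signature.sig_id
"""
# Pair each event with its own header, then group by every displayed column.
SUMMARY = """
SELECT s.sig_id, inet_ntoa(i.ip_src), inet_ntoa(i.ip_dst),
       s.sig_name, e.timestamp, COUNT(*) AS num
FROM signature s
JOIN event e ON s.sig_id = e.signature
JOIN iphdr i ON e.sid = i.sid AND e.cid = i.cid
GROUP BY s.sig_id, i.ip_src, i.ip_dst, s.sig_name, e.timestamp
ORDER BY s.sig_id
"""

def run(query, copies=4):
    db = sqlite3.connect(":memory:")
    # SQLite lacks MySQL's inet_ntoa(); register an equivalent for this demo.
    db.create_function("inet_ntoa", 1, lambda n: str(ipaddress.IPv4Address(n)))
    db.executescript(SCHEMA)
    cid = 0
    for sig, src, dst, name, ts in ALERTS:
        db.execute("INSERT INTO signature VALUES (?, ?)", (sig, name))
        for _ in range(copies):  # each alert fired `copies` times on sensor 1
            cid += 1
            db.execute("INSERT INTO event VALUES (1, ?, ?, ?)", (cid, sig, ts))
            db.execute("INSERT INTO iphdr VALUES (1, ?, ?, ?)", (
                cid, int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst))))
    return db.execute(query).fetchall()
```

With four copies of each alert, `run(NAIVE)` reports 32 per signature because every event matches every header on the sensor, while `run(SUMMARY)` returns one row per distinct alert with num = 4.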