MonitorWare Knowledge Base

Hello,
First off, I am a Linux newbie so please explain answers in great detail so I can understand.

Basics:
I am trying to use Rsyslog, MySql, and LogCon to create a IPtables log viewer that give more detail than the basic setup. Something similar to CheckPoint log viewer. I setup the basics to ensure it works and it does. LogCon see the messages in the database.

System Configurations:
Firewall
Ubuntu Jaunty (stipped down version for virtual install)
Rsyslog 4.4.2
IPtables 1.4.1.1-4

Management
Ubuntu Jaunty
Rsyslog 4.4.2
FWbuilder 3.07
PHP5
MySQL5
LogCon 2.8.0

Basic Setup:
I configured the firewall's Rsyslog to parse only firewall rules and send them to the management station. The management station then sends them to the default Syslog database, configured by Rsyslog. LogCon can view these logs via the default setup.

Customization:
I configured a custom database with the fields that I wanted to capture. I then created a Rsyslog template to push those messages into the custom DB in the correct fields (This all works fine). I then setup a new site for LogCon with Admin Panel enabled. I then configured a new source, custom fields, views, and DBmappings to match the database.

Issues:
1. When I view the events (with my original source which has TableType=MonitorWare), I see all the custom fields with my custom view but no data. All the rows are empty.
2. I changed the source to use my custom DBmappings (TableType=ELF Mapping). Now when I try to view events, I get "no syslog records found".

Questions:
1. Does LogCon support what I am trying to do? As far as I can tell, that was one of the major features for V2.7 release.
2. Where are the configurations saved? I know since I enabled the Admin Panel, the custom configs are in the tables in the database. What about the config.php file. Is that still used? Does something have to be modified in that?

Thanks

CustomSource
[img][/img]


CustomMappings
[img][/img]


CustomDB
[img][/img]

• Custom phpLogCon configuration?
• Maintenance Contract?
• Installation support?

Hi,

a very interesting setup. In order to get it to work, you will need to these basic mappings for these fields:
SYSLOG_UID
SYSLOG_DATE
SYSLOG_MESSAGE

These fields are mandetory for phpLogCon in order to work.

As far as I can see, you can map them to these database fields:
SYSLOG_UID => EFL_ID (ID)
SYSLOG_DATE => EFL_DATE (DATE)
SYSLOG_MESSAGE => A dummy field maybe?

Once you have mappings for these fields, you should see rows in phpLogCon.

best regards,
Andre Lorbach

Hi,

this looks very interesting. Would you provide the rsyslog configuration so that I can include it as a very good use case into rsyslog itself (with full credits, of course ).

Thanks,
Rainer

Hi Alorbach,
So if I am understanding you, these fields are mandetory for the rest of the of the fields to work or only these mandoratory fields will work? I will change my mappings to see what results I get.
Thanks

Hi Rgerhards,
Here is the Rsyslog template. I actually got most of this template from a post between yourself and liangjun.

This is the template that resides on the management station. (once I can get all working, then I will add TLS)

Code: Select all

### Configuration file for rsyslog-mysql
### Changes are preserved

### Module Control
### Load the MySQL connection module
$ModLoad ommysql

### Template Control
### Use the custom LogFilter template with Rsyslog to populate the MySQL database
$template logfilter_template, "INSERT INTO LOGFILTER_TBL (DATE, TIME, SYSTEM, ACTION, RULE, INT_IN, SRC_IP, SRC_PORT, PROTO, INT_OUT, DST_IP, DST_PORT, MAC, TOS, TTL) values ('%timegenerated:1:10:date-mysql%', '%timegenerated:12:19:date-mysql%', '%hostname%', '%msg:F,32:6%', '%msg:R,ERE,1,BLANK,0:RULE ([0-9]+)--end%', '%msg:R,ERE,1,BLANK,0:IN=([0-9a-z]+)--end%', '%msg:R,ERE,1,BLANK,0:SRC=([0-9\.]+)--end%', '%msg:R,ERE,1,BLANK,0:SPT=([0-9]+)--end%', '%msg:R,ERE,1,BLANK,0:PROTO=([0-9a-zA-Z]+)--end%', '%msg:R,ERE,1,BLANK,0:OUT=([0-9a-z]+)--end%', '%msg:R,ERE,1,BLANK,0:DST=([0-9\.]+)--end%', '%msg:R,ERE,1,BLANK,0:DPT=([0-9]+)--end%', '%msg:R,ERE,1,BLANK,0:MAC=([0-9a-f\:]+)--end%', '%msg:R,ERE,1,BLANK,0:TOS=(0x[0-9a-f]+)--end%', '%msg:R,ERE,1,BLANK,0:TTL=([0-9]+)--end%')",SQL



### Message Rule Control
### Only post messages that meet the following criteria
:msg, contains, "RULE" :ommysql:localhost,logfilter,rsyslog,%password%;logfilter_template
& ~

All fields will work, but you will need to map these basic fields as phpLogCon needs them for sorting, displaying and so on.

best regards
Andre Lorbach

Hi Alorbach,
I have setup the new view, source and mappings:
SYSLOG_UID => EFL_ID (ID)
SYSLOG_DATE => EFL_DATE (DATE)
SYSLOG_MESSAGE => MSG (dummy column in DB setup CHAR(5) default=LOG)

Issue:
Now when I click "show events" my new view comes up (which before I was getting "no syslog records found" error) but my rows are empty. I have added new data into the database since the changes. The interesting thing is the amount of rows displayed in LogCon match the amount of rows in the database (indicates that LogCon is taliking to the database).

Am I missing a custom search with this setup to produce the view?
Thanks

Hi,

thats odd. Is it possible to send me sql exports of these phpLogCon userdb tables along with some sample records of your custom syslog data table? Then I can setup your configuration in my lab and perform some tests.

best regards,
Andre Lorbach

PS: You can send them to alorbach@adiscon.com

Hi,
I am trying to attach a backup of the DB but the site will not allow me to. Is there an email I can send it to?
Thanks
B

Hi,
I think I have a clue. I went and manually edited the datamappings in config file for MonitorWare (Made MonitorWare look exactly like my custom mappings that was made in the Admin Centre). LogCon will now display using my database with my view. There seems to be an issue with LogCon reading or understanding the custom mappings from the database (where they are stored).
Thanks
B

This is what my constants_logstream.php MonitorWare mappings portion looks like.

Code: Select all

// --- Define default Database field mappings!
$dbmapping['monitorware']['ID'] = "monitorware";
$dbmapping['monitorware']['DisplayName'] = "MonitorWare";
$dbmapping['monitorware']['DBMAPPINGS'][SYSLOG_UID] = "ID";
$dbmapping['monitorware']['DBMAPPINGS'][SYSLOG_DATE] = "DATE";
$dbmapping['monitorware']['DBMAPPINGS'][EFL_TIME] = "TIME";
$dbmapping['monitorware']['DBMAPPINGS'][EFL_SYSTEM] = "SYSTEM";
$dbmapping['monitorware']['DBMAPPINGS'][EFL_ACTION] = "ACTION";
$dbmapping['monitorware']['DBMAPPINGS'][EFL_RULE] = "RULE";
$dbmapping['monitorware']['DBMAPPINGS'][EFL_SRC_IP] = "SRC_IP";
$dbmapping['monitorware']['DBMAPPINGS'][EFL_SRC_PORT] = "SRC_PORT";
$dbmapping['monitorware']['DBMAPPINGS'][EFL_PROTO] = "PROTO";
$dbmapping['monitorware']['DBMAPPINGS'][EFL_INT_OUT] = "INT_OUT";
$dbmapping['monitorware']['DBMAPPINGS'][EFL_DST_IP] = "DST_IP";
$dbmapping['monitorware']['DBMAPPINGS'][EFL_DST_PORT] = "DST_PORT";
$dbmapping['monitorware']['DBMAPPINGS'][EFL_MAC] = "MAC";
$dbmapping['monitorware']['DBMAPPINGS'][EFL_TOS] = "TOS";
$dbmapping['monitorware']['DBMAPPINGS'][EFL_TTL] = "TTL";
$dbmapping['monitorware']['DBMAPPINGS'][SYSLOG_MESSAGE] = "MSG";
//$dbmapping['monitorware']['DBMAPPINGS'][SYSLOG_PROCESSID] = "ProcessID";

Hi,

so it may is a bug then, it would be helpful if you could send exports of your following userdb tables then:
logcon_views, logcon_dbmappings, logcon_fields

Btw, you do not need to replace the existing DB Mapping in the constants_logstream.php file, you can create your own there using these variables:
$dbmapping['efl_mappings'] ...

best regards,
Andre Lorbach

Here are the exports.

Here is an export of the entire backend:

Code: Select all

-- MySQL Administrator dump 1.4
--
-- ------------------------------------------------------
-- Server version   5.1.41-3~bpo50+1-log


/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;

/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;


--
-- Create schema EFL_DB
--

CREATE DATABASE IF NOT EXISTS EFL_DB;
USE EFL_DB;

--
-- Definition of table `EFL_DB`.`EFL_FWLOGS_TBL`
--

DROP TABLE IF EXISTS `EFL_DB`.`EFL_FWLOGS_TBL`;
CREATE TABLE  `EFL_DB`.`EFL_FWLOGS_TBL` (
  `ID` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `DATE` datetime DEFAULT NULL,
  `TIME` time DEFAULT NULL,
  `SYSTEM` varchar(30) DEFAULT NULL,
  `ACTION` varchar(20) DEFAULT NULL,
  `RULE` int(10) unsigned DEFAULT NULL,
  `INT_IN` varchar(10) DEFAULT NULL,
  `SRC_IP` varchar(20) DEFAULT NULL,
  `SRC_PORT` int(10) unsigned DEFAULT NULL,
  `PROTO` varchar(10) DEFAULT NULL,
  `INT_OUT` varchar(20) DEFAULT NULL,
  `DST_IP` varchar(20) DEFAULT NULL,
  `DST_PORT` int(10) unsigned DEFAULT NULL,
  `MAC` varchar(50) DEFAULT NULL,
  `TOS` varchar(8) DEFAULT NULL,
  `TTL` int(10) unsigned DEFAULT NULL,
  `SEQ` bigint(20) unsigned DEFAULT NULL,
  `MSG` char(5) DEFAULT NULL,
  PRIMARY KEY (`ID`),
  KEY `ID_IDX` (`ID`),
  KEY `INT_IN_IDX` (`INT_IN`),
  KEY `INT_OUT_IDX` (`INT_OUT`),
  KEY `SRC_IP_IDX` (`SRC_IP`),
  KEY `DST_IP_IDX` (`DST_IP`),
  KEY `SYSTEM_IDX` (`SYSTEM`),
  KEY `ACTION_IDX` (`ACTION`),
  KEY `RULE_IDX` (`RULE`),
  KEY `PROTO_IDX` (`PROTO`)
) ENGINE=MyISAM AUTO_INCREMENT=100 DEFAULT CHARSET=latin1 ROW_FORMAT=DYNAMIC;

--
-- Dumping data for table `EFL_DB`.`EFL_FWLOGS_TBL`
--

/*!40000 ALTER TABLE `EFL_FWLOGS_TBL` DISABLE KEYS */;
LOCK TABLES `EFL_FWLOGS_TBL` WRITE;
INSERT INTO `EFL_DB`.`EFL_FWLOGS_TBL` VALUES  (1,'2010-02-08 00:00:00','15:22:39','cdamgmtfw001','ACCEPT',3,'eth1','10.10.100.13',0,'ICMP','','10.10.100.12',0,'00:50:56:83:71:56:00:50:56:83:6b:b5:08:00','0x00',64,NULL,'LOG'),
(2,'2010-02-08 00:00:00','15:22:39','cdamgmtfw001','ACCEPT',14,'','10.10.100.12',52692,'TCP','eth1','10.10.100.13',514,'','0x00',64,NULL,'LOG'),
(3,'2010-02-08 00:00:00','15:22:39','cdamgmtfw001','ACCEPT',14,'eth1','10.10.100.13',5353,'UDP','','224.0.0.251',5353,'01:00:5e:00:00:fb:00:50:56:83:6b:b5:08:00','0x00',255,NULL,'LOG'),
(4,'2010-02-08 00:00:00','15:22:39','cdamgmtfw001','ACCEPT',14,'','10.10.100.12',5353,'UDP','eth1','224.0.0.251',5353,'','0x00',255,NULL,'LOG'),
(5,'2010-02-08 00:00:00','15:22:39','cdamgmtfw001','ACCEPT',14,'eth1','10.10.100.12',5353,'UDP','','224.0.0.251',5353,'','0x00',255,NULL,'LOG'),
(6,'2010-02-08 00:00:00','15:22:40','cdamgmtfw001','ACCEPT',3,'eth1','10.10.100.13',0,'ICMP','','10.10.100.12',0,'00:50:56:83:71:56:00:50:56:83:6b:b5:08:00','0x00',64,NULL,'LOG'),
(7,'2010-02-08 15:29:30','15:29:30','cdamgmtfw001','ACCEPT',3,'eth1','10.10.100.13',0,'ICMP','','10.10.100.12',0,'00:50:56:83:71:56:00:50:56:83:6b:b5:08:00','0x00',64,NULL,'LOG');
INSERT INTO `EFL_DB`.`EFL_FWLOGS_TBL` VALUES  (8,'2010-02-08 15:29:31','15:29:31','cdamgmtfw001','ACCEPT',3,'eth1','10.10.100.13',0,'ICMP','','10.10.100.12',0,'00:50:56:83:71:56:00:50:56:83:6b:b5:08:00','0x00',64,NULL,'LOG'),
(9,'2010-02-08 15:29:32','15:29:32','cdamgmtfw001','ACCEPT',3,'eth1','10.10.100.13',0,'ICMP','','10.10.100.12',0,'00:50:56:83:71:56:00:50:56:83:6b:b5:08:00','0x00',64,NULL,'LOG'),
(10,'2010-02-08 15:32:05','15:32:05','cdamgmtfw001','ACCEPT',14,'','10.10.100.12',56482,'UDP','eth1','10.10.100.10',53,'','0x00',64,NULL,'LOG'),
(11,'2010-02-08 15:32:05','15:32:05','cdamgmtfw001','ACCEPT',14,'','10.10.200.199',5353,'UDP','eth2','224.0.0.251',5353,'','0x00',255,NULL,'LOG'),
(12,'2010-02-08 15:32:05','15:32:05','cdamgmtfw001','DENY',0,'eth2','10.10.200.199',5353,'UDP','','224.0.0.251',5353,'','0x00',255,NULL,'LOG'),
(13,'2010-02-08 15:32:05','15:32:05','cdamgmtfw001','ACCEPT',14,'','10.10.100.12',5353,'UDP','eth1','224.0.0.251',5353,'','0x00',255,NULL,'LOG'),
(14,'2010-02-08 15:32:05','15:32:05','cdamgmtfw001','ACCEPT',14,'eth1','10.10.100.12',5353,'UDP','','224.0.0.251',5353,'','0x00',255,NULL,'LOG'),
(15,'2010-02-08 15:32:05','15:32:05','cdamgmtfw001','ACCEPT',14,'','10.10.100.12',5353,'UDP','eth1','224.0.0.251',5353,'','0x00',255,NULL,'LOG');
INSERT INTO `EFL_DB`.`EFL_FWLOGS_TBL` VALUES  (16,'2010-02-08 15:32:05','15:32:05','cdamgmtfw001','ACCEPT',14,'eth1','10.10.100.12',5353,'UDP','','224.0.0.251',5353,'','0x00',255,NULL,'LOG'),
(17,'2010-02-08 15:32:05','15:32:05','cdamgmtfw001','ACCEPT',14,'','10.10.200.199',5353,'UDP','eth2','224.0.0.251',5353,'','0x00',255,NULL,'LOG'),
(18,'2010-02-08 15:32:05','15:32:05','cdamgmtfw001','DENY',0,'eth2','10.10.200.199',5353,'UDP','','224.0.0.251',5353,'','0x00',255,NULL,'LOG'),
(19,'2010-02-08 15:32:05','15:32:05','cdamgmtfw001','ACCEPT',14,'','10.10.100.12',5353,'UDP','eth1','224.0.0.251',5353,'','0x00',255,NULL,'LOG'),
(20,'2010-02-08 15:32:05','15:32:05','cdamgmtfw001','ACCEPT',14,'eth1','10.10.100.12',5353,'UDP','','224.0.0.251',5353,'','0x00',255,NULL,'LOG'),
(21,'2010-02-08 15:32:05','15:32:05','cdamgmtfw001','ACCEPT',14,'','10.10.100.12',5353,'UDP','eth1','224.0.0.251',5353,'','0x00',255,NULL,'LOG'),
(22,'2010-02-08 15:32:05','15:32:05','cdamgmtfw001','ACCEPT',14,'eth1','10.10.100.12',5353,'UDP','','224.0.0.251',5353,'','0x00',255,NULL,'LOG'),
(23,'2010-02-08 15:32:05','15:32:05','cdamgmtfw001','ACCEPT',14,'','10.10.100.12',36538,'UDP','eth1','10.10.100.10',53,'','0x00',64,NULL,'LOG');
INSERT INTO `EFL_DB`.`EFL_FWLOGS_TBL` VALUES  (24,'2010-02-08 15:32:06','15:32:06','cdamgmtfw001','ACCEPT',14,'','10.10.100.12',48301,'UDP','eth1','10.10.100.10',53,'','0x00',64,NULL,'LOG'),
(25,'2010-02-08 15:32:09','15:32:09','cdamgmtfw001','DENY',14,'eth1','10.10.100.10',138,'UDP','','10.10.100.255',138,'ff:ff:ff:ff:ff:ff:00:0c:29:a1:59:f7:08:00','0x00',128,NULL,'LOG'),
(26,'2010-02-08 15:32:33','15:32:33','cdamgmtfw001','ACCEPT',3,'eth1','10.10.100.13',0,'ICMP','','10.10.100.12',0,'00:50:56:83:71:56:00:50:56:83:6b:b5:08:00','0x00',64,NULL,'LOG'),
(27,'2010-02-08 15:32:34','15:32:34','cdamgmtfw001','ACCEPT',3,'eth1','10.10.100.13',0,'ICMP','','10.10.100.12',0,'00:50:56:83:71:56:00:50:56:83:6b:b5:08:00','0x00',64,NULL,'LOG'),
(28,'2010-02-08 15:32:35','15:32:35','cdamgmtfw001','ACCEPT',3,'eth1','10.10.100.13',0,'ICMP','','10.10.100.12',0,'00:50:56:83:71:56:00:50:56:83:6b:b5:08:00','0x00',64,NULL,'LOG'),
(29,'2010-02-08 15:34:29','15:34:29','cdamgmtfw001','DENY',14,'eth1','10.10.100.10',138,'UDP','','10.10.100.255',138,'ff:ff:ff:ff:ff:ff:00:0c:29:a1:59:f7:08:00','0x00',128,NULL,'LOG'),
(30,'2010-02-08 15:36:14','15:36:14','cdamgmtfw001','DENY',14,'','10.10.100.12',38600,'UDP','eth1','10.10.100.10',53,'','0x00',64,NULL,'LOG');
INSERT INTO `EFL_DB`.`EFL_FWLOGS_TBL` VALUES  (31,'2010-02-08 15:36:14','15:36:14','cdamgmtfw001','DENY',14,'','10.10.100.12',46878,'UDP','eth1','10.10.100.10',53,'','0x00',64,NULL,'LOG'),
(32,'2010-02-08 15:36:15','15:36:15','cdamgmtfw001','DENY',14,'','10.10.200.199',5353,'UDP','eth2','224.0.0.251',5353,'','0x00',255,NULL,'LOG'),
(33,'2010-02-08 15:36:15','15:36:15','cdamgmtfw001','DENY',14,'','10.10.100.12',5353,'UDP','eth1','224.0.0.251',5353,'','0x00',255,NULL,'LOG'),
(34,'2010-02-08 15:36:16','15:36:16','cdamgmtfw001','DENY',14,'','10.10.200.199',5353,'UDP','eth2','224.0.0.251',5353,'','0x00',255,NULL,'LOG'),
(35,'2010-02-08 15:36:16','15:36:16','cdamgmtfw001','DENY',14,'','10.10.100.12',5353,'UDP','eth1','224.0.0.251',5353,'','0x00',255,NULL,'LOG'),
(36,'2010-02-08 15:36:18','15:36:18','cdamgmtfw001','DENY',14,'','10.10.200.199',5353,'UDP','eth2','224.0.0.251',5353,'','0x00',255,NULL,'LOG'),
(37,'2010-02-08 15:36:18','15:36:18','cdamgmtfw001','DENY',14,'','10.10.100.12',5353,'UDP','eth1','224.0.0.251',5353,'','0x00',255,NULL,'LOG'),
(38,'2010-02-08 15:38:56','15:38:56','cdamgmtfw001','DENY',14,'','10.10.100.12',33830,'UDP','eth1','10.10.100.10',53,'','0x00',64,NULL,'LOG');
INSERT INTO `EFL_DB`.`EFL_FWLOGS_TBL` VALUES  (39,'2010-02-08 15:38:56','15:38:56','cdamgmtfw001','DENY',14,'','10.10.100.12',33622,'UDP','eth1','10.10.100.10',53,'','0x00',64,NULL,'LOG'),
(40,'2010-02-08 15:38:56','15:38:56','cdamgmtfw001','DENY',14,'','10.10.100.12',43263,'UDP','eth1','10.10.100.10',53,'','0x00',64,NULL,'LOG'),
(41,'2010-02-08 15:38:56','15:38:56','cdamgmtfw001','DENY',14,'','10.10.100.12',47933,'UDP','eth1','10.10.100.10',53,'','0x00',64,NULL,'LOG'),
(42,'2010-02-08 15:38:58','15:38:58','cdamgmtfw001','DENY',14,'','10.10.100.12',50741,'UDP','eth1','10.10.100.10',53,'','0x00',64,NULL,'LOG'),
(43,'2010-02-08 15:38:58','15:38:58','cdamgmtfw001','DENY',14,'','10.10.100.12',55442,'UDP','eth1','10.10.100.10',53,'','0x00',64,NULL,'LOG'),
(44,'2010-02-08 15:38:58','15:38:58','cdamgmtfw001','DENY',14,'','10.10.100.12',50701,'UDP','eth1','10.10.100.10',53,'','0x00',64,NULL,'LOG'),
(45,'2010-02-08 15:38:58','15:38:58','cdamgmtfw001','DENY',14,'','10.10.100.12',52270,'UDP','eth1','10.10.100.10',53,'','0x00',64,NULL,'LOG'),
(46,'2010-02-08 15:40:04','15:40:04','cdamgmtfw001','DENY',14,'','10.10.100.12',33587,'UDP','eth1','10.10.100.10',53,'','0x00',64,NULL,'LOG');
INSERT INTO `EFL_DB`.`EFL_FWLOGS_TBL` VALUES  (47,'2010-02-08 15:40:04','15:40:04','cdamgmtfw001','DENY',14,'','10.10.100.12',55631,'UDP','eth1','10.10.100.10',53,'','0x00',64,NULL,'LOG'),
(48,'2010-02-08 15:40:04','15:40:04','cdamgmtfw001','DENY',14,'','10.10.100.12',58312,'UDP','eth1','10.10.100.10',53,'','0x00',64,NULL,'LOG'),
(49,'2010-02-08 15:40:04','15:40:04','cdamgmtfw001','DENY',14,'','10.10.100.12',53022,'UDP','eth1','10.10.100.10',53,'','0x00',64,NULL,'LOG'),
(50,'2010-02-08 15:43:23','15:43:23','cdamgmtfw001','DENY',14,'','10.10.100.12',60004,'UDP','eth1','10.10.100.10',53,'','0x00',64,NULL,'LOG'),
(51,'2010-02-08 15:43:23','15:43:23','cdamgmtfw001','DENY',14,'','10.10.100.12',45077,'UDP','eth1','10.10.100.10',53,'','0x00',64,NULL,'LOG'),
(52,'2010-02-08 15:43:23','15:43:23','cdamgmtfw001','DENY',14,'','10.10.200.199',5353,'UDP','eth2','224.0.0.251',5353,'','0x00',255,NULL,'LOG'),
(53,'2010-02-08 15:43:23','15:43:23','cdamgmtfw001','DENY',14,'','10.10.100.12',5353,'UDP','eth1','224.0.0.251',5353,'','0x00',255,NULL,'LOG'),
(54,'2010-02-08 15:43:24','15:43:24','cdamgmtfw001','DENY',14,'','10.10.200.199',5353,'UDP','eth2','224.0.0.251',5353,'','0x00',255,NULL,'LOG');
INSERT INTO `EFL_DB`.`EFL_FWLOGS_TBL` VALUES  (55,'2010-02-08 15:43:24','15:43:24','cdamgmtfw001','DENY',14,'','10.10.100.12',5353,'UDP','eth1','224.0.0.251',5353,'','0x00',255,NULL,'LOG'),
(56,'2010-02-08 15:43:26','15:43:26','cdamgmtfw001','DENY',14,'','10.10.200.199',5353,'UDP','eth2','224.0.0.251',5353,'','0x00',255,NULL,'LOG'),
(57,'2010-02-08 15:43:26','15:43:26','cdamgmtfw001','DENY',14,'','10.10.100.12',5353,'UDP','eth1','224.0.0.251',5353,'','0x00',255,NULL,'LOG'),
(58,'2010-02-08 15:43:29','15:43:29','cdamgmtfw001','DENY',14,'','10.10.100.12',41756,'UDP','eth1','10.10.100.10',53,'','0x00',64,NULL,'LOG'),
(59,'2010-02-08 15:43:29','15:43:29','cdamgmtfw001','DENY',14,'','10.10.100.12',40533,'UDP','eth1','10.10.100.10',53,'','0x00',64,NULL,'LOG'),
(60,'2010-02-08 15:43:30','15:43:30','cdamgmtfw001','DENY',14,'','10.10.200.199',5353,'UDP','eth2','224.0.0.251',5353,'','0x00',255,NULL,'LOG'),
(61,'2010-02-08 15:43:30','15:43:30','cdamgmtfw001','DENY',14,'','10.10.100.12',5353,'UDP','eth1','224.0.0.251',5353,'','0x00',255,NULL,'LOG'),
(62,'2010-02-08 15:43:35','15:43:35','cdamgmtfw001','DENY',14,'','10.10.100.12',38768,'UDP','eth1','10.10.100.10',53,'','0x00',64,NULL,'LOG');
INSERT INTO `EFL_DB`.`EFL_FWLOGS_TBL` VALUES  (63,'2010-02-08 15:43:35','15:43:35','cdamgmtfw001','DENY',14,'','10.10.100.12',35299,'UDP','eth1','10.10.100.10',53,'','0x00',64,NULL,'LOG'),
(64,'2010-02-08 15:43:38','15:43:38','cdamgmtfw001','DENY',14,'','10.10.200.199',5353,'UDP','eth2','224.0.0.251',5353,'','0x00',255,NULL,'LOG'),
(65,'2010-02-08 15:43:38','15:43:38','cdamgmtfw001','DENY',14,'','10.10.100.12',5353,'UDP','eth1','224.0.0.251',5353,'','0x00',255,NULL,'LOG'),
(66,'2010-02-08 15:44:10','15:44:10','cdamgmtfw001','DENY',7,'eth1','10.10.100.10',138,'UDP','','10.10.100.255',138,'ff:ff:ff:ff:ff:ff:00:0c:29:a1:59:f7:08:00','0x00',128,NULL,'LOG'),
(67,'2010-02-08 15:45:26','15:45:26','cdamgmtfw001','ACCEPT',6,'','10.10.100.12',55113,'UDP','eth1','10.10.100.10',53,'','0x00',64,NULL,'LOG'),
(68,'2010-02-08 15:45:26','15:45:26','cdamgmtfw001','ACCEPT',6,'','10.10.200.199',48685,'TCP','eth2','65.55.17.25',80,'','0x00',64,NULL,'LOG'),
(69,'2010-02-08 15:45:29','15:45:29','cdamgmtfw001','ACCEPT',6,'','10.10.200.199',48685,'TCP','eth2','65.55.17.25',80,'','0x00',64,NULL,'LOG'),
(70,'2010-02-08 15:45:48','15:45:48','cdamgmtfw001','ACCEPT',6,'','10.10.100.12',37836,'UDP','eth1','10.10.100.10',53,'','0x00',64,NULL,'LOG');
INSERT INTO `EFL_DB`.`EFL_FWLOGS_TBL` VALUES  (71,'2010-02-08 15:45:48','15:45:48','cdamgmtfw001','ACCEPT',6,'','10.10.200.199',54588,'TCP','eth2','66.249.91.104',80,'','0x00',64,NULL,'LOG'),
(72,'2010-02-08 15:45:51','15:45:51','cdamgmtfw001','ACCEPT',6,'','10.10.200.199',54588,'TCP','eth2','66.249.91.104',80,'','0x00',64,NULL,'LOG'),
(73,'2010-02-08 15:49:14','15:49:14','cdamgmtfw001','ACCEPT',6,'','10.10.100.12',37719,'UDP','eth1','10.10.100.10',53,'','0x00',64,NULL,'LOG'),
(74,'2010-02-08 15:49:14','15:49:14','cdamgmtfw001','DENY',14,'','10.10.200.199',5353,'UDP','eth2','224.0.0.251',5353,'','0x00',255,NULL,'LOG'),
(75,'2010-02-08 15:49:14','15:49:14','cdamgmtfw001','DENY',14,'','10.10.100.12',5353,'UDP','eth1','224.0.0.251',5353,'','0x00',255,NULL,'LOG'),
(76,'2010-02-08 15:49:15','15:49:15','cdamgmtfw001','DENY',14,'','10.10.200.199',5353,'UDP','eth2','224.0.0.251',5353,'','0x00',255,NULL,'LOG'),
(77,'2010-02-08 15:49:15','15:49:15','cdamgmtfw001','DENY',14,'','10.10.100.12',5353,'UDP','eth1','224.0.0.251',5353,'','0x00',255,NULL,'LOG'),
(78,'2010-02-08 15:49:17','15:49:17','cdamgmtfw001','DENY',14,'','10.10.200.199',5353,'UDP','eth2','224.0.0.251',5353,'','0x00',255,NULL,'LOG');
INSERT INTO `EFL_DB`.`EFL_FWLOGS_TBL` VALUES  (79,'2010-02-08 15:49:17','15:49:17','cdamgmtfw001','DENY',14,'','10.10.100.12',5353,'UDP','eth1','224.0.0.251',5353,'','0x00',255,NULL,'LOG'),
(80,'2010-02-08 15:49:29','15:49:29','cdamgmtfw001','DENY',7,'eth1','10.10.100.10',138,'UDP','','10.10.100.255',138,'ff:ff:ff:ff:ff:ff:00:0c:29:a1:59:f7:08:00','0x00',128,NULL,'LOG'),
(81,'2010-02-08 16:50:52','16:50:52','cdamgmtfw001','ACCEPT',15,'','10.10.100.12',33661,'TCP','eth1','10.10.100.13',22,'','0x00',64,2653579626,'LOG'),
(82,'2010-02-08 16:50:52','16:50:52','cdamgmtfw001','ACCEPT',7,'','10.10.100.12',48112,'TCP','eth1','10.10.100.13',514,'','0x00',64,2653518708,'LOG'),
(83,'2010-02-08 16:50:52','16:50:52','cdamgmtfw001','DENY',8,'eth1','10.10.100.13',5353,'UDP','','224.0.0.251',5353,'01:00:5e:00:00:fb:00:50:56:83:6b:b5:08:00','0x00',255,0,'LOG'),
(84,'2010-02-08 16:50:52','16:50:52','cdamgmtfw001','ACCEPT',15,'','10.10.100.12',33663,'TCP','eth1','10.10.100.13',22,'','0x00',64,2669187278,'LOG'),
(85,'2010-02-08 16:50:52','16:50:52','cdamgmtfw001','ACCEPT',15,'','10.10.100.12',33664,'TCP','eth1','10.10.100.13',22,'','0x00',64,2676064622,'LOG');
INSERT INTO `EFL_DB`.`EFL_FWLOGS_TBL` VALUES  (86,'2010-02-08 16:50:52','16:50:52','cdamgmtfw001','DENY',8,'eth1','10.10.100.13',5353,'UDP','','224.0.0.251',5353,'01:00:5e:00:00:fb:00:50:56:83:6b:b5:08:00','0x00',255,0,'LOG'),
(87,'2010-02-08 16:50:52','16:50:52','cdamgmtfw001','ACCEPT',15,'','10.10.100.12',33665,'TCP','eth1','10.10.100.13',22,'','0x00',64,2686666814,'LOG'),
(88,'2010-02-08 16:50:52','16:50:52','cdamgmtfw001','DENY',8,'eth1','10.10.100.13',5353,'UDP','','224.0.0.251',5353,'01:00:5e:00:00:fb:00:50:56:83:6b:b5:08:00','0x00',255,0,'LOG'),
(89,'2010-02-08 16:56:13','16:56:13','cdamgmtfw001','DENY',8,'eth1','10.10.100.10',138,'UDP','','10.10.100.255',138,'ff:ff:ff:ff:ff:ff:00:0c:29:a1:59:f7:08:00','0x00',128,0,'LOG'),
(90,'2010-02-08 16:59:26','16:59:26','cdamgmtfw001','ACCEPT',6,'','10.10.100.12',55142,'UDP','eth1','10.10.100.10',53,'','0x00',64,0,'LOG'),
(91,'2010-02-08 16:59:26','16:59:26','cdamgmtfw001','ACCEPT',6,'','10.10.100.12',42810,'TCP','eth1','74.125.93.138',80,'','0x00',64,2209973244,'LOG'),
(92,'2010-02-08 16:59:26','16:59:26','cdamgmtfw001','ACCEPT',6,'','10.10.100.12',60395,'UDP','eth1','10.10.100.10',53,'','0x00',64,0,'LOG');
INSERT INTO `EFL_DB`.`EFL_FWLOGS_TBL` VALUES  (93,'2010-02-08 16:59:26','16:59:26','cdamgmtfw001','ACCEPT',6,'','10.10.100.12',35771,'TCP','eth1','74.125.110.19',80,'','0x00',64,2221004897,'LOG'),
(94,'2010-02-08 17:00:31','17:00:31','cdamgmtfw001','ACCEPT',6,'','10.10.100.12',35772,'TCP','eth1','74.125.110.19',80,'','0x00',64,3228405249,'LOG'),
(95,'2010-02-08 17:01:38','17:01:38','cdamgmtfw001','ACCEPT',6,'','10.10.100.12',40921,'UDP','eth1','10.10.100.10',53,'','0x00',64,0,'LOG'),
(96,'2010-02-08 17:01:38','17:01:38','cdamgmtfw001','ACCEPT',6,'','10.10.100.12',53163,'TCP','eth1','74.125.110.31',80,'','0x00',64,4279962148,'LOG'),
(97,'2010-02-08 17:04:29','17:04:29','cdamgmtfw001','DENY',8,'eth1','10.10.100.10',138,'UDP','','10.10.100.255',138,'ff:ff:ff:ff:ff:ff:00:0c:29:a1:59:f7:08:00','0x00',128,0,'LOG'),
(98,'2010-02-08 17:08:13','17:08:13','cdamgmtfw001','DENY',8,'eth1','10.10.100.10',138,'UDP','','10.10.100.255',138,'ff:ff:ff:ff:ff:ff:00:0c:29:a1:59:f7:08:00','0x00',128,0,'LOG'),
(99,'2010-02-08 17:19:29','17:19:29','cdamgmtfw001','DENY',8,'eth1','10.10.100.10',138,'UDP','','10.10.100.255',138,'ff:ff:ff:ff:ff:ff:00:0c:29:a1:59:f7:08:00','0x00',128,0,'LOG');
UNLOCK TABLES;
/*!40000 ALTER TABLE `EFL_FWLOGS_TBL` ENABLE KEYS */;


--
-- Definition of table `EFL_DB`.`SystemEvents`
--

DROP TABLE IF EXISTS `EFL_DB`.`SystemEvents`;
CREATE TABLE  `EFL_DB`.`SystemEvents` (
  `ID` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `CustomerID` bigint(20) DEFAULT NULL,
  `ReceivedAt` datetime DEFAULT NULL,
  `DeviceReportedTime` datetime DEFAULT NULL,
  `Facility` smallint(6) DEFAULT NULL,
  `Priority` smallint(6) DEFAULT NULL,
  `FromHost` varchar(60) DEFAULT NULL,
  `Message` text,
  `NTSeverity` int(11) DEFAULT NULL,
  `Importance` int(11) DEFAULT NULL,
  `EventSource` varchar(60) DEFAULT NULL,
  `EventUser` varchar(60) DEFAULT NULL,
  `EventCategory` int(11) DEFAULT NULL,
  `EventID` int(11) DEFAULT NULL,
  `EventBinaryData` text,
  `MaxAvailable` int(11) DEFAULT NULL,
  `CurrUsage` int(11) DEFAULT NULL,
  `MinUsage` int(11) DEFAULT NULL,
  `MaxUsage` int(11) DEFAULT NULL,
  `InfoUnitID` int(11) DEFAULT NULL,
  `SyslogTag` varchar(60) DEFAULT NULL,
  `EventLogType` varchar(60) DEFAULT NULL,
  `GenericFileName` varchar(60) DEFAULT NULL,
  `SystemID` int(11) DEFAULT NULL,
  PRIMARY KEY (`ID`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

--
-- Dumping data for table `EFL_DB`.`SystemEvents`
--

/*!40000 ALTER TABLE `SystemEvents` DISABLE KEYS */;
LOCK TABLES `SystemEvents` WRITE;
UNLOCK TABLES;
/*!40000 ALTER TABLE `SystemEvents` ENABLE KEYS */;


--
-- Definition of table `EFL_DB`.`SystemEventsProperties`
--

DROP TABLE IF EXISTS `EFL_DB`.`SystemEventsProperties`;
CREATE TABLE  `EFL_DB`.`SystemEventsProperties` (
  `ID` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `SystemEventID` int(11) DEFAULT NULL,
  `ParamName` varchar(255) DEFAULT NULL,
  `ParamValue` text,
  PRIMARY KEY (`ID`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

--
-- Dumping data for table `EFL_DB`.`SystemEventsProperties`
--

/*!40000 ALTER TABLE `SystemEventsProperties` DISABLE KEYS */;
LOCK TABLES `SystemEventsProperties` WRITE;
UNLOCK TABLES;
/*!40000 ALTER TABLE `SystemEventsProperties` ENABLE KEYS */;


--
-- Definition of table `EFL_DB`.`logcon_charts`
--

DROP TABLE IF EXISTS `EFL_DB`.`logcon_charts`;
CREATE TABLE  `EFL_DB`.`logcon_charts` (
  `ID` int(11) NOT NULL AUTO_INCREMENT,
  `DisplayName` varchar(255) NOT NULL,
  `chart_enabled` tinyint(1) NOT NULL DEFAULT '1',
  `chart_type` int(11) NOT NULL,
  `chart_width` int(11) NOT NULL,
  `chart_field` varchar(255) NOT NULL,
  `maxrecords` int(11) NOT NULL,
  `showpercent` tinyint(1) NOT NULL,
  `userid` int(11) DEFAULT NULL,
  `groupid` int(11) DEFAULT NULL,
  PRIMARY KEY (`ID`)
) ENGINE=MyISAM AUTO_INCREMENT=5 DEFAULT CHARSET=latin1 COMMENT='This table contains all configured charts';

--
-- Dumping data for table `EFL_DB`.`logcon_charts`
--

/*!40000 ALTER TABLE `logcon_charts` DISABLE KEYS */;
LOCK TABLES `logcon_charts` WRITE;
INSERT INTO `EFL_DB`.`logcon_charts` VALUES  (1,'Top Hosts',1,3,400,'FROMHOST',10,0,NULL,NULL),
(2,'SyslogTags',1,1,400,'syslogtag',10,0,NULL,NULL),
(3,'Severity Occurences',1,2,400,'syslogseverity',10,1,NULL,NULL),
(4,'Usage by Day',1,1,400,'timereported',10,1,NULL,NULL);
UNLOCK TABLES;
/*!40000 ALTER TABLE `logcon_charts` ENABLE KEYS */;


--
-- Definition of table `EFL_DB`.`logcon_config`
--

DROP TABLE IF EXISTS `EFL_DB`.`logcon_config`;
CREATE TABLE  `EFL_DB`.`logcon_config` (
  `propname` varchar(32) NOT NULL,
  `propvalue` varchar(255) DEFAULT NULL,
  `propvalue_text` text,
  `is_global` tinyint(1) NOT NULL,
  `userid` int(11) DEFAULT NULL,
  `groupid` int(11) DEFAULT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COMMENT='Table to store global and user specific configurations';

--
-- Dumping data for table `EFL_DB`.`logcon_config`
--

/*!40000 ALTER TABLE `logcon_config` DISABLE KEYS */;
LOCK TABLES `logcon_config` WRITE;
INSERT INTO `EFL_DB`.`logcon_config` VALUES  ('database_installedversion','8',NULL,1,NULL,NULL),
('ViewDefaultLanguage','en','',1,NULL,NULL),
('ViewDefaultTheme','default','',1,NULL,NULL),
('ViewUseTodayYesterday','0','',1,NULL,NULL),
('ViewEnableDetailPopups','1','',1,NULL,NULL),
('EnableIPAddressResolve','0','',1,NULL,NULL),
('MiscShowDebugMsg','0','',1,NULL,NULL),
('MiscShowDebugGridCounter','0','',1,NULL,NULL),
('MiscShowPageRenderStats','1','',1,NULL,NULL),
('MiscEnableGzipCompression','1','',1,NULL,NULL),
('SuppressDuplicatedMessages','0','',1,NULL,NULL),
('TreatNotFoundFiltersAsTrue','0','',1,NULL,NULL),
('ViewMessageCharacterLimit','80','',1,NULL,NULL),
('ViewStringCharacterLimit','30','',1,NULL,NULL),
('ViewEntriesPerPage','100','',1,NULL,NULL),
('ViewEnableAutoReloadSeconds','0','',1,NULL,NULL),
('PopupMenuTimeout','3000','',1,NULL,NULL),
('PrependTitle','','',1,NULL,NULL),
('SearchCustomButtonCaption','I\'d like to feel sad','',1,NULL,NULL),
('SearchCustomButtonSearch','error','',1,NULL,NULL),
('DefaultViewsID','SYSLOG','',1,NULL,NULL);
INSERT INTO `EFL_DB`.`logcon_config` VALUES  ('DefaultSourceID','1','',1,NULL,NULL),
('DebugUserLogin','0','',1,NULL,NULL),
('MiscDebugToSyslog','0','',1,NULL,NULL),
('MiscMaxExecutionTime','30','',1,NULL,NULL),
('InjectHtmlHeader','','',1,NULL,NULL),
('InjectBodyHeader','','',1,NULL,NULL),
('InjectBodyFooter','','',1,NULL,NULL),
('PhplogconLogoUrl','','',1,NULL,NULL);
UNLOCK TABLES;
/*!40000 ALTER TABLE `logcon_config` ENABLE KEYS */;


--
-- Definition of table `EFL_DB`.`logcon_dbmappings`
--

DROP TABLE IF EXISTS `EFL_DB`.`logcon_dbmappings`;
CREATE TABLE  `EFL_DB`.`logcon_dbmappings` (
  `ID` int(11) NOT NULL AUTO_INCREMENT,
  `DisplayName` varchar(64) NOT NULL,
  `Mappings` varchar(1024) NOT NULL,
  PRIMARY KEY (`ID`)
) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=latin1;

--
-- Dumping data for table `EFL_DB`.`logcon_dbmappings`
--

/*!40000 ALTER TABLE `logcon_dbmappings` DISABLE KEYS */;
LOCK TABLES `logcon_dbmappings` WRITE;
INSERT INTO `EFL_DB`.`logcon_dbmappings` VALUES  (1,'EFL_MAPPING','uID=>ID,timereported=>DATE,EFL_TIME=>TIME,EFL_SYSTEM=>SYSTEM,EFL_ACTION=>ACTION,EFL_RULE=>RULE,EFL_INT_IN=>INT_IN,EFL_SRC_IP=>SRC_IP,EFL_SRC_PORT=>SRC_PORT,EFL_PROTO=>PROTO,EFL_INT_OUT=>INT_OUT,EFL_DST_IP=>DST_IP,EFL_DST_PORT=>DST_PORT,EFL_MAC=>MAC,EFL_TOS=>TOS,EFL_TTL=>TTL,EFL_SEQ=>SEQ,msg=>MSG');
UNLOCK TABLES;
/*!40000 ALTER TABLE `logcon_dbmappings` ENABLE KEYS */;


--
-- Definition of table `EFL_DB`.`logcon_fields`
--

DROP TABLE IF EXISTS `EFL_DB`.`logcon_fields`;
CREATE TABLE  `EFL_DB`.`logcon_fields` (
  `FieldID` varchar(64) NOT NULL,
  `FieldDefine` varchar(64) NOT NULL,
  `FieldCaption` varchar(255) NOT NULL,
  `FieldType` int(11) NOT NULL,
  `Sortable` tinyint(1) NOT NULL,
  `DefaultWidth` int(11) NOT NULL,
  `FieldAlign` varchar(32) NOT NULL,
  `SearchField` varchar(64) NOT NULL,
  `SearchOnline` tinyint(1) NOT NULL,
  `Trunscate` int(11) NOT NULL,
  PRIMARY KEY (`FieldID`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COMMENT='This table stores custom fields';

--
-- Dumping data for table `EFL_DB`.`logcon_fields`
--

/*!40000 ALTER TABLE `logcon_fields` DISABLE KEYS */;
LOCK TABLES `logcon_fields` WRITE;
INSERT INTO `EFL_DB`.`logcon_fields` VALUES  ('EFL_ACTION','EFL_ACTION','Action',0,0,50,'center','EFL_ACTION',0,0),
('EFL_DATE','EFL_DATE','Date',2,0,50,'center','EFL_DATE',0,0),
('EFL_DST_IP','EFL_DST_IP','DST_IP',0,0,50,'center','EFL_DST_IP',0,0),
('EFL_DST_PORT','EFL_DST_PORT','DST_PORT',1,0,50,'center','EFL_DST_PORT',0,0),
('EFL_INT_IN','EFL_INT_IN','INT_IN',0,0,50,'center','EFL_INT_IN',0,0),
('EFL_MAC','EFL_MAC','MAC',0,0,50,'center','EFL_MAC',0,0),
('EFL_PROTO','EFL_PROTO','PROTO',0,0,50,'center','EFL_PROTO',0,0),
('EFL_RULE','EFL_RULE','Rule',1,0,50,'center','EFL_RULE',0,0),
('EFL_SRC_IP','EFL_SRC_IP','SRC_IP',0,0,50,'center','EFL_SRC_IP',0,0),
('EFL_SRC_PORT','EFL_SRC_PORT','SRC_PORT',1,0,50,'center','EFL_SRC_PORT',0,0),
('EFL_SYSTEM','EFL_SYSTEM','System',0,0,50,'center','EFL_SYSTEM',0,0),
('EFL_TIME','EFL_TIME','Time',0,0,50,'center','EFL_TIME',0,0),
('EFL_TOS','EFL_TOS','TOS',0,0,50,'center','EFL_TOS',0,0),
('EFL_TTL','EFL_TTL','TTL',1,0,50,'center','EFL_TTL',0,0),
('EFL_INT_OUT','EFL_INT_OUT','INT_OUT',0,0,50,'center','EFL_INT_OUT',0,0);
INSERT INTO `EFL_DB`.`logcon_fields` VALUES  ('EFL_SEQ','EFL_SEQ','Sequence',1,0,50,'center','EFL_SEQ',0,0);
UNLOCK TABLES;
/*!40000 ALTER TABLE `logcon_fields` ENABLE KEYS */;


--
-- Definition of table `EFL_DB`.`logcon_groupmembers`
--

DROP TABLE IF EXISTS `EFL_DB`.`logcon_groupmembers`;
CREATE TABLE  `EFL_DB`.`logcon_groupmembers` (
  `userid` int(11) NOT NULL,
  `groupid` int(11) NOT NULL,
  `is_member` tinyint(1) NOT NULL DEFAULT '1'
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COMMENT='Helpertable to store which users are in which group';

--
-- Dumping data for table `EFL_DB`.`logcon_groupmembers`
--

/*!40000 ALTER TABLE `logcon_groupmembers` DISABLE KEYS */;
LOCK TABLES `logcon_groupmembers` WRITE;
UNLOCK TABLES;
/*!40000 ALTER TABLE `logcon_groupmembers` ENABLE KEYS */;


--
-- Definition of table `EFL_DB`.`logcon_groups`
--

DROP TABLE IF EXISTS `EFL_DB`.`logcon_groups`;
CREATE TABLE  `EFL_DB`.`logcon_groups` (
  `ID` int(11) NOT NULL AUTO_INCREMENT,
  `groupname` varchar(32) NOT NULL,
  `groupdescription` varchar(255) NOT NULL,
  `grouptype` int(11) NOT NULL,
  PRIMARY KEY (`ID`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COMMENT='Table for phplogcon groups';

--
-- Dumping data for table `EFL_DB`.`logcon_groups`
--

/*!40000 ALTER TABLE `logcon_groups` DISABLE KEYS */;
LOCK TABLES `logcon_groups` WRITE;
UNLOCK TABLES;
/*!40000 ALTER TABLE `logcon_groups` ENABLE KEYS */;


--
-- Definition of table `EFL_DB`.`logcon_searches`
--

DROP TABLE IF EXISTS `EFL_DB`.`logcon_searches`;
CREATE TABLE  `EFL_DB`.`logcon_searches` (
  `ID` int(11) NOT NULL AUTO_INCREMENT,
  `DisplayName` varchar(255) NOT NULL,
  `SearchQuery` varchar(1024) NOT NULL,
  `userid` int(11) DEFAULT NULL,
  `groupid` int(11) DEFAULT NULL,
  PRIMARY KEY (`ID`)
) ENGINE=MyISAM AUTO_INCREMENT=8 DEFAULT CHARSET=latin1 COMMENT='Stores custom user searches';

--
-- Dumping data for table `EFL_DB`.`logcon_searches`
--

/*!40000 ALTER TABLE `logcon_searches` DISABLE KEYS */;
LOCK TABLES `logcon_searches` WRITE;
INSERT INTO `EFL_DB`.`logcon_searches` VALUES  (1,'Syslog Warnings and Errors','filter=severity%3A0%2C1%2C2%2C3%2C4&search=Search',NULL,NULL),
(2,'Syslog Errors','filter=severity%3A0%2C1%2C2%2C3&search=Search',NULL,NULL),
(3,'All messages from the last hour','filter=datelastx%3A1&search=Search',NULL,NULL),
(4,'All messages from last 12 hours','filter=datelastx%3A2&search=Search',NULL,NULL),
(5,'All messages from last 24 hours','filter=datelastx%3A3&search=Search',NULL,NULL),
(6,'All messages from last 7 days','filter=datelastx%3A4&search=Search',NULL,NULL),
(7,'All messages from last 31 days','filter=datelastx%3A5&search=Search',NULL,NULL);
UNLOCK TABLES;
/*!40000 ALTER TABLE `logcon_searches` ENABLE KEYS */;


--
-- Definition of table `EFL_DB`.`logcon_sources`
--

DROP TABLE IF EXISTS `EFL_DB`.`logcon_sources`;
CREATE TABLE  `EFL_DB`.`logcon_sources` (
  `ID` int(11) NOT NULL AUTO_INCREMENT,
  `Name` varchar(255) NOT NULL,
  `Description` text NOT NULL,
  `SourceType` tinyint(4) NOT NULL,
  `MsgParserList` varchar(255) NOT NULL,
  `MsgNormalize` tinyint(1) NOT NULL DEFAULT '0',
  `MsgSkipUnparseable` tinyint(1) NOT NULL DEFAULT '0',
  `ViewID` varchar(64) NOT NULL,
  `LogLineType` varchar(64) DEFAULT NULL,
  `DiskFile` varchar(255) DEFAULT NULL,
  `DBTableType` varchar(64) DEFAULT NULL,
  `DBType` tinyint(4) DEFAULT NULL,
  `DBServer` varchar(255) DEFAULT NULL,
  `DBName` varchar(64) DEFAULT NULL,
  `DBUser` varchar(64) DEFAULT NULL,
  `DBPassword` varchar(255) DEFAULT NULL,
  `DBTableName` varchar(64) DEFAULT NULL,
  `DBEnableRowCounting` tinyint(1) DEFAULT NULL,
  `DBRecordsPerQuery` int(11) NOT NULL DEFAULT '100',
  `userid` int(11) DEFAULT NULL,
  `groupid` int(11) DEFAULT NULL,
  PRIMARY KEY (`ID`)
) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=latin1 COMMENT='Table to store datasources in phplogcon';

--
-- Dumping data for table `EFL_DB`.`logcon_sources`
--

/*!40000 ALTER TABLE `logcon_sources` DISABLE KEYS */;
LOCK TABLES `logcon_sources` WRITE;
INSERT INTO `EFL_DB`.`logcon_sources` VALUES  (1,'EFL_SRC','',2,'',0,0,'1',NULL,NULL,'monitorware',0,'localhost','EFL_DB','rsyslog','1qaz!QAZ','EFL_FWLOGS_TBL',0,100,NULL,NULL);
UNLOCK TABLES;
/*!40000 ALTER TABLE `logcon_sources` ENABLE KEYS */;


--
-- Definition of table `EFL_DB`.`logcon_users`
--

DROP TABLE IF EXISTS `EFL_DB`.`logcon_users`;
CREATE TABLE  `EFL_DB`.`logcon_users` (
  `ID` int(11) NOT NULL AUTO_INCREMENT,
  `username` varchar(32) NOT NULL,
  `password` varchar(32) NOT NULL,
  `is_admin` tinyint(1) NOT NULL DEFAULT '0',
  `last_login` int(4) NOT NULL,
  PRIMARY KEY (`ID`)
) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=latin1 COMMENT='Table for the phplogcon users';

--
-- Dumping data for table `EFL_DB`.`logcon_users`
--

-- /*!40000 ALTER TABLE `logcon_users` DISABLE KEYS */;
-- LOCK TABLES `logcon_users` WRITE;
-- INSERT INTO `EFL_DB`.`logcon_users` VALUES  (1,'user1','changedthis',1,1265731007);
-- UNLOCK TABLES;
-- /*!40000 ALTER TABLE `logcon_users` ENABLE KEYS */;


--
-- Definition of table `EFL_DB`.`logcon_views`
--

DROP TABLE IF EXISTS `EFL_DB`.`logcon_views`;
CREATE TABLE  `EFL_DB`.`logcon_views` (
  `ID` int(11) NOT NULL AUTO_INCREMENT,
  `DisplayName` varchar(255) NOT NULL,
  `Columns` text NOT NULL,
  `userid` int(11) DEFAULT NULL,
  `groupid` int(11) DEFAULT NULL,
  PRIMARY KEY (`ID`)
) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=latin1 COMMENT='Stores custom defined user views.';

--
-- Dumping data for table `EFL_DB`.`logcon_views`
--

/*!40000 ALTER TABLE `logcon_views` DISABLE KEYS */;
LOCK TABLES `logcon_views` WRITE;
INSERT INTO `EFL_DB`.`logcon_views` VALUES  (1,'EFL_VIEW','uID, timereported, EFL_TIME, EFL_SYSTEM, EFL_ACTION, EFL_RULE, EFL_INT_IN, EFL_SRC_IP, EFL_SRC_PORT, EFL_PROTO, EFL_INT_OUT, EFL_DST_IP, EFL_DST_PORT, EFL_MAC, EFL_TOS, EFL_TTL, EFL_SEQ, msg',NULL,NULL);
UNLOCK TABLES;
/*!40000 ALTER TABLE `logcon_views` ENABLE KEYS */;




/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;