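I want a query that groups all identical rows together and adds an extra column to my output with the total count for each unique row, similar to the output below. How do I write a query that returns a summary like this?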
sig_id ip_src ip_dst sig_name timestamp
504 192.168.0.1 192.168.0.103 COMMUNITY WEB-PHP DeluxeBB forums.php access 2010-08-23 21:47:56
504 192.168.0.1 192.168.0.103 COMMUNITY WEB-PHP DeluxeBB forums.php access 2010-08-23 21:47:56
504 192.168.0.1 192.168.0.103 COMMUNITY WEB-PHP DeluxeBB forums.php access 2010-08-23 21:47:56
504 192.168.0.1 192.168.0.103 COMMUNITY WEB-PHP DeluxeBB forums.php access 2010-08-23 21:47:56
503 192.168.1.3 63.243.90.10 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 2010-08-23 21:51:47
503 192.168.1.3 63.243.90.10 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 2010-08-23 21:51:47
503 192.168.1.3 63.243.90.10 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 2010-08-23 21:51:47
503 192.168.1.3 63.243.90.10 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 2010-08-23 21:51:47
I would like my output to look like this:
sig_id ip_src ip_dst sig_name timestamp num
504 192.168.0.1 192.168.0.103 COMMUNITY WEB-PHP DeluxeBB forums.php access 2010-08-23 21:47:56 4
sig_id ip_src ip_dst sig_name timestamp num
503 192.168.1.3 63.243.90.10 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 2010-08-23 21:51:47 4
Here is the query I have tried, but it is completely wrong:
select
signature.sig_id, inet_ntoa(ip_src), inet_ntoa(ip_dst),
signature.sig_name, event.timestamp, count(*) as num
from
signature
join
event on signature.sig_id = event.signature
join
iphdr on event.sid = iphdr.sid
group by
signature;
It returns:
sig_id ip_src ip_dst sig_name timestamp num
501 192.168.0.1 192.168.0.103 DNS SPOOF query response with TTL of 1 min. and no authority 2010-08-23 21:43:37 5236
502 192.168.0.1 192.168.0.103 COMMUNITY WEB-PHP DeluxeBB newpost.php access 2010-08-23 21:45:39 238
503 192.168.0.1 192.168.0.103 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 2010-08-23 21:47:12 1428
504 192.168.0.1 192.168.0.103 COMMUNITY WEB-PHP DeluxeBB forums.php access 2010-08-23 21:47:56 119
505 192.168.0.1 192.168.0.103 MS-SQL version overflow attempt 2003-09-05 06:14:33 2261
506 192.168.0.1 192.168.0.103 NETBIOS SMB repeated logon failure 2003-09-06 14:11:57 4879
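Where is the query you are working on? What have you tried? – gitsitgo
@gitsitgo added it lol.. it's horrible tho ha hahah – BuzzLightYear
Better than nothing ;). It shows us you have actually tried something. Glad you have your answer! – gitsitgo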
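An added example, not part of the original question or its comments: one way to collapse repeated alerts into a single row with a count, run here against an in-memory SQLite stand-in loaded with the eight sample rows from the question. It assumes that event and iphdr share a (sid, cid) key, as in the stock Snort schema (cid does not appear on the page); the inet_ntoa() registration and the names build_db and run are hypothetical helpers for this sketch.

```python
import ipaddress
import sqlite3

# Assumption: event and iphdr rows are keyed by (sid, cid), sensor id plus
# per-sensor event id, as in the stock Snort schema; cid is not on the page.
SCHEMA = """
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT);
CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER, timestamp TEXT);
CREATE TABLE iphdr (sid INTEGER, cid INTEGER, ip_src INTEGER, ip_dst INTEGER);
"""

# Every non-aggregated output column is in GROUP BY, so identical alerts collapse.
GROUPED = """
SELECT s.sig_id, inet_ntoa(i.ip_src), inet_ntoa(i.ip_dst),
       s.sig_name, e.timestamp, COUNT(*) AS num
FROM event e
JOIN signature s ON s.sig_id = e.signature
JOIN iphdr i ON i.sid = e.sid AND i.cid = e.cid  -- exactly one header per event
GROUP BY s.sig_id, i.ip_src, i.ip_dst, s.sig_name, e.timestamp
ORDER BY s.sig_id DESC
"""

# For contrast: joining on sid alone pairs each event with every header of that sensor.
SID_ONLY = """SELECT e.signature, COUNT(*) FROM event e JOIN iphdr i ON i.sid = e.sid
GROUP BY e.signature ORDER BY e.signature DESC"""

ICMP = ("ICMP Destination Unreachable Communication with "
        "Destination Host is Administratively Prohibited")
WEB = "COMMUNITY WEB-PHP DeluxeBB forums.php access"

def build_db():
    db = sqlite3.connect(":memory:")
    # SQLite has no inet_ntoa(); register one so the query reads like the MySQL original.
    db.create_function("inet_ntoa", 1, lambda n: str(ipaddress.IPv4Address(n)))
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO signature VALUES (?, ?)", [(503, ICMP), (504, WEB)])
    alerts = ([(504, "192.168.0.1", "192.168.0.103", "2010-08-23 21:47:56")] * 4
              + [(503, "192.168.1.3", "63.243.90.10", "2010-08-23 21:51:47")] * 4)
    for cid, (sig, src, dst, ts) in enumerate(alerts, start=1):
        db.execute("INSERT INTO event VALUES (1, ?, ?, ?)", (cid, sig, ts))
        db.execute("INSERT INTO iphdr VALUES (1, ?, ?, ?)",
                   (cid, int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst))))
    return db

def run(db, sql):
    """Execute one of the statements above and return all result rows."""
    return db.execute(sql).fetchall()
```

With the sample rows, GROUPED yields one row per distinct alert with num = 4, while SID_ONLY reports 32 per signature because each event is matched against all eight headers from the same sensor.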