sql - How to return a query summing similar appearance? -


i want query group identical column , have column in output total number of each unique output below?

sig_id  ip_src       ip_dst         sig_name                                        timestamp 504    192.168.0.1  192.168.0.103   community web-php deluxebb forums.php access    2010-08-23 21:47:56 504    192.168.0.1  192.168.0.103   community web-php deluxebb forums.php access    2010-08-23 21:47:56 504    192.168.0.1  192.168.0.103   community web-php deluxebb forums.php access    2010-08-23 21:47:56 504    192.168.0.1  192.168.0.103   community web-php deluxebb forums.php access    2010-08-23 21:47:56   503    192.168.1.3  63.243.90.10    icmp destination unreachable communication destination host administratively prohibited 2010-08-23 21:51:47 503    192.168.1.3  63.243.90.10    icmp destination unreachable communication destination host administratively prohibited 2010-08-23 21:51:47 503    192.168.1.3  63.243.90.10    icmp destination unreachable communication destination host administratively prohibited 2010-08-23 21:51:47 503    192.168.1.3  63.243.90.10    icmp destination unreachable communication destination host administratively prohibited 2010-08-23 21:51:47

i want output this:

  sig_id  ip_src       ip_dst         sig_name                                        timestamp          num   504     192.168.0.1  192.168.0.103  community web-php deluxebb forums.php access  2010-08-23 21:47:56   4  sig_id  ip_src       ip_dst         sig_name                                        timestamp                                                             num 503    192.168.1.3  63.243.90.10    icmp destination unreachable communication destination host administratively prohibited 2010-08-23 21:51:47    4

here query have tried it's wrong:

select      signature.sig_id, inet_ntoa(ip_src), inet_ntoa(ip_dst),      signature.sig_name, event.timestamp, count(*) num      signature join      event on signature.sig_id = event.signature join      iphdr on event.sid = iphdr.sid group      signature;

returns

sig_id  ip_src       ip_dst         sig_name                                        timestamp                                                             num     501 192.168.0.1 192.168.0.103   dns spoof query response ttl of 1 min. , no authority    2010-08-23 21:43:37                                   5236     502 192.168.0.1 192.168.0.103   community web-php deluxebb newpost.php access   2010-08-23 21:45:39                                                   238     503 192.168.0.1 192.168.0.103   icmp destination unreachable communication destination host administratively prohibited 2010-08-23 21:47:12 1428     504 192.168.0.1 192.168.0.103   community web-php deluxebb forums.php access    2010-08-23 21:47:56                                                   119     505 192.168.0.1 192.168.0.103   ms-sql version overflow attempt 2003-09-05 06:14:33                                                                   2261     506 192.168.0.1 192.168.0.103   netbios smb repeated logon failure  2003-09-06 14:11:57                                                               4879

try this...

select signature.sig_id, inet_ntoa(ip_src), inet_ntoa(ip_dst),  signature.sig_name, event.timestamp, count(*) num     signature join     event on signature.sig_id = event.signature join      iphdr on event.sid = iphdr.sid group signature.sig_id, inet_ntoa, inet_ntoa,     signature.sig_name, event.timestamp

in general when performing aggregate function 'count', there needs group of other columns in select list.


Comments

Post a Comment

Popular posts from this blog

sublimetext3 - what keyboard shortcut is to comment/uncomment for this script tag in sublime -

Image
i have script tag in code, keyboard shortcut comment/uncomment script tag in sublime. after selecting script open , close tag. <script src="http://code.jquery.com/jquery-latest.min.js" type="text/javascript"> </script> i pressing ctrl + shift + / , getting this /*<script src="http://code.jquery.com/jquery-latest.min.js" type="text/javascript"> </script>*/ also pressed ctrl + / , got this // <script src="http://code.jquery.com/jquery-latest.min.js" type="text/javascript"> // </script> instead of <!-- <script src="http://code.jquery.com/jquery-latest.min.js" type="text/javascript"> </script> --> script open , close tag in 2 lines not in 1 line , not have spaces too. for mac,high light lines want comment. hold 'command , / ' commented. for windows: high line or select lines ,then hold ctrl + / if not work: ...
Read more

java - No use of nillable="0" in SOAP Webservice -

i have received xsd 3rd party supplier generated java based system; used create soap endpoint receive data transfers. xsd not make use of nillable attribute defined within w3c/xsd namespace, example: <xs:complextype name="customer"> <xs:sequence> <xs:element minoccurs="1" maxoccurs="1" name="id" type="xs:integer"/> <xs:element minoccurs="0" maxoccurs="1" name="titleid" type="xs:integer"/> <xs:element minoccurs="0" maxoccurs="1" name="firstname" type="xs:string"/> <xs:element minoccurs="0" maxoccurs="1" name="familyname" type="xs:string"/> <xs:element minoccurs="0" maxoccurs="1" name="previousname" type="xs:string"/> <xs:element minoccurs="0" maxoccurs="1" nam...
Read more

ubuntu - Laravel 5.2 quickstart guide gives Not Found Error -

edit: think problem due not setting apache properly, these 2 links helped me. solution: http://laravel.io/forum/06-11-2014-not-found-but-route-exists https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-ubuntu-14-04-lts end edit i'm following laravel 5.2 quickstart guide. https://laravel.com/docs/5.2/quickstart i'm running ubuntu 14.04.2 the website runs initially, when click on add task button run 404 not found error. as per guide run following commands setup complete quickstart project. git clone https://github.com/laravel/quickstart-basic quickstart cd quickstart composer install php artisan migrate additionally run following commands because i'm on ubuntu server: sudo chown -r www-data.www-data quickstart sudo chmod -r 755 quickstart sudo chmod 777 quickstart/storage the routes.php file looks like: <?php use app\task; use illuminate\http\request; route::group(['middleware' => ['web']]...
Read more