Snort mailing list archives
Re: Snort &postgresql (possibly stupid question department)
From: roman () danyliw com
Date: Sun, 18 Nov 2001 21:10:28 US/Eastern
Take a look at Question #E-1 of the ACID FAQ: http://acidlab.sourceforge.net/acid_faq.html Roman On Mon, 22 Oct 2001, Mark Forsyth wrote:
Hiya,
Maybe I've lost the plot completely but.. Snort stores IP addresses (
Ip_src & ip_dst ) in the iphdr table as a bigint so a select of that table
returns ...:-
snort=# select ip_src,ip_dst from iphdr;
ip_src | ip_dst
------------+------------
3587915298 | 3416531087
3507146690 | 3416531087
3507159138 | 3416531087
My question is how to do the conversion to the IPv4 (xxx.xxx.xxx.xxx)
format ? Presumably I'm missing something obvious, in fact so obvious that
I haven't a hope of seeing it ??
I used the script supplied in snort-1.8.1-RELEASE to create the database.
(snort-1.8.1-RELEASE/contrib/create_postgresql)
TIA
Mark F...
---------------------------------------------
This message was sent using Voicenet WebMail.
http://www.voicenet.com/webmail/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort &postgresql (possibly stupid question department) Mark Forsyth (Oct 21)
- Re: Snort &postgresql (possibly stupid question department) Roberto Suarez Soto (Oct 22)
- <Possible follow-ups>
- RE: Snort &postgresql (possibly stupid question department) Mark Forsyth (Oct 22)
- Re: Snort &postgresql (possibly stupid question department) roman (Nov 18)