Snort mailing list archives

RE: snort postgres database


From: Fraser Hugh <hugh_fraser () dofasco ca>
Date: Mon, 7 Jan 2002 10:29:48 -0500

I had the same problem connecting Snort to a trouble ticket system. The
simple solution (in my case) was to place the trigger on the iphdr table and
look up the associated event information. There's a one-to-one correspondence
between event and iphdr, in this version anyway.

-----Original Message-----
From: Nate Haggard [mailto:nate () wordplace com]
Sent: Thursday, December 27, 2001 2:26 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] snort postgres database


Does someone know how I can change the order that the tables are written to
in postgres?  I am trying to set up a trigger.  The problem is that the
trigger needs to see the new data inserted into other tables right after
the data is inserted into the events table.  The problem seems that the
trigger has to exit its program before data can be written to other tables
besides event.  So I can't do lookups in iphdr for the ip_src and ip_dst
that go with that event, because the data won't be there till the trigger
program is finished. The trigger is set on the event table.  Maybe you are
thinking this is a trigger problem and I should ask a postgres guru, yet if
I could make snort write to the event table after writing to all the
other tables I wouldn't have this problem.

Thanks
Nate Haggard  


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

