Snort mailing list archives

Re: Snort and Barnyard2


From: Josh Bitto <jbitto () onlineschool ca>
Date: Wed, 6 Feb 2013 12:35:14 -0800

I got it working by doing this
SELECT ip_src,ip_dst,INET_NTOA(ip_src),INET_NTOA(ip_dst)
FROM iphdr;

Thank you for the help….and from beenph as well.



From: Y M [mailto:snort () outlook com]
Sent: Wednesday, February 06, 2013 11:44 AM
To: Josh Bitto; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Snort and Barnyard2

Sorry for not detailing my reply. For example, try querying the snort database with:

SELECT ip_src, INET_NTOA(ip_src)
FROM acid_event;

You can add the columns you want to select and then export only the result of the query from phpMyAdmin or MySQL Workbench, or whatever db management system you use.

YM
________________________________
From: Josh Bitto <jbitto () onlineschool ca>
Sent: 2/6/2013 10:31 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort and Barnyard2

When you say surround the IP column are you referring to the schema? I’m not sure how to do what you suggest.

From: Y M [mailto:snort () outlook com]
Sent: Wednesday, February 06, 2013 11:10 AM
To: Josh Bitto; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Snort and Barnyard2



The IP address is saved as a numeric value in the database. If you are using MySQL, then surround the ip column with the INET_NTOA() function.

Look for: 12.14 Miscellaneous Functions in the MySQL Reference Manual.

YM

________________________________

From: Josh Bitto <jbitto () onlineschool ca>
Sent: 2/6/2013 10:05 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort and Barnyard2

Has anyone else had this issue come up where when you export the data from your database the IPs listed do not correspond with the actual IP addresses that have been captured when an event happens?


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
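
Added example, not part of the original thread: for an export that was already taken with the raw numeric columns, this Python sketch applies the same conversion as INET_NTOA() after the fact. It assumes the export is CSV with the ip_src and ip_dst column names used in the queries above; the sample rows are constructed, and the handling of negative values assumes a tool that read the unsigned column as a signed 32-bit integer.

```python
import csv
import io
import ipaddress

IP_COLUMNS = ("ip_src", "ip_dst")  # column names used in the thread's queries


def ntoa(value):
    """Python equivalent of MySQL INET_NTOA() for one exported field."""
    text = (value or "").strip()
    if text == "" or text.upper() in ("NULL", "\\N"):
        return ""                      # NULL in the export stays empty
    number = int(text)                 # raises ValueError on non-numeric text
    if number < 0:
        # Assumption: a tool read the unsigned column as a signed 32-bit int.
        number += 1 << 32
    if not 0 <= number <= 0xFFFFFFFF:
        raise ValueError(f"not a 32-bit IPv4 value: {text}")
    return str(ipaddress.IPv4Address(number))


def convert_export(csv_text, columns=IP_COLUMNS):
    """Return the export as CSV text with dotted-quad columns added."""
    reader = csv.DictReader(io.StringIO(csv_text))
    added = [f"{c}_text" for c in columns if c in reader.fieldnames]
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=reader.fieldnames + added,
                            lineterminator="\n")
    writer.writeheader()
    for row in reader:
        for column in columns:
            if column in row:
                # Keep the raw number so rows can still be matched to the DB.
                row[f"{column}_text"] = ntoa(row[column])
        writer.writerow(row)
    return out.getvalue()


# Constructed sample export (not data from the thread).
SAMPLE = """cid,ip_src,ip_dst
1,3232235777,167772161
2,-1062731519,NULL
"""

if __name__ == "__main__":
    print(convert_export(SAMPLE), end="")
```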