[Snort-devel] postgresql cidr and inet

ian.willis at ...1523... ian.willis at ...1523...
Tue Aug 6 19:36:03 EDT 2002


Hi All

I was looking at using snort to a postgresql database and was wondering if 
their had been any work done on using the inet and cidr data types that 
are available on postgresql. Shamelessly quoting another source that I 
discussed this with. Any thoughts on the matter would be appreciated


Pros:
        1. The inet data type would be a more correct defn of the data
               , this isnt all that critical but it is nice.

        2. There are a number of operators associated with the inet and
                cidr data types that make it very easy to search for
                hosts in a specific network range. I see this as
                                 the primary motivation to move.


Cons:

        1.  The current schema used by snort is fairly generic, this
                makes it more divergent.  But then again that isnt
                                 always a bad thing.

        2.  Hmm, not to many cons that I can think of.


Thanks Ian









More information about the Snort-devel mailing list