[Snort-sigs] Snort Alert Mysql Query

Rob MacGregor rob.macgregor at ...2420...
Mon Feb 15 08:48:36 EST 2016

On Sun, Feb 14, 2016 at 5:35 PM adonis okpidi <adonisokpidi at ...2420...> wrote:

> Hi.
> I used Barnyard2 to read the snort.log file into a MySQL database

Then you also need to join on the "cid" values as well as "sid" values. The
"sid" value is the sensor identifier, "cid" for the event (on that sensor).

Rob MacGregor
      Whoever fights monsters should see to it that in the process he
        doesn't become a monster. (Friedrich Nietzsche)
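
The join described in the reply above, as an added example that is not part of the original thread: it runs the same alert query joined on "sid" alone and on "sid" plus "cid", and shows how the first pairs every event with every IP header from the same sensor. Table and column names assume the stock Barnyard2 schema reduced to the columns needed here, SQLite stands in for MySQL, and all rows are constructed.

```python
import ipaddress
import sqlite3

# Assumption: a reduced subset of the stock Barnyard2 tables; SQLite stands in for MySQL.
SCHEMA = """
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT);
CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER, timestamp TEXT,
                    PRIMARY KEY (sid, cid));
CREATE TABLE iphdr (sid INTEGER, cid INTEGER, ip_src INTEGER, ip_dst INTEGER,
                    PRIMARY KEY (sid, cid));
"""
# Constructed sample rows: two sensors, and cid restarts at 1 on each sensor.
SIGNATURES = [(1, "constructed rule A"), (2, "constructed rule B")]
EVENTS = [(1, 1, 1, "2016-02-14 17:00:01"), (1, 2, 2, "2016-02-14 17:00:05"),
          (1, 3, 1, "2016-02-14 17:00:09"), (2, 1, 2, "2016-02-14 17:01:00")]
DST = int(ipaddress.ip_address("198.51.100.1"))
IPHDRS = [(sid, cid, int(ipaddress.ip_address(f"192.0.2.{n}")), DST)
          for n, (sid, cid, _sig, _ts) in enumerate(EVENTS, start=1)]

BASE = """
SELECT e.sid, e.cid, s.sig_name, i.ip_src, i.ip_dst
FROM event e
JOIN signature s ON s.sig_id = e.signature
JOIN iphdr i ON {on}
ORDER BY e.sid, e.cid, i.cid
"""
SID_ONLY = BASE.format(on="i.sid = e.sid")                        # incomplete key
SID_AND_CID = BASE.format(on="i.sid = e.sid AND i.cid = e.cid")   # full event key

def build_db():
    """Create the in-memory database and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO signature VALUES (?, ?)", SIGNATURES)
    conn.executemany("INSERT INTO event VALUES (?, ?, ?, ?)", EVENTS)
    conn.executemany("INSERT INTO iphdr VALUES (?, ?, ?, ?)", IPHDRS)
    return conn

def alerts(conn, query):
    """Run a join and render the integer addresses as dotted quads."""
    return [(sid, cid, name, str(ipaddress.ip_address(src)), str(ipaddress.ip_address(dst)))
            for sid, cid, name, src, dst in conn.execute(query)]

if __name__ == "__main__":
    db = build_db()
    print("sid only:", len(alerts(db, SID_ONLY)), "rows")   # inflated by the partial key
    for row in alerts(db, SID_AND_CID):                     # one row per event
        print(row)
```

With four events in the sample data, the "sid"-only join returns ten rows and attaches the wrong addresses to most of them, while the two-column join returns exactly one row per event.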