[Snort-sigs] Snort Alert Mysql Query

Rob MacGregor rob.macgregor at ...2420...
Mon Feb 15 08:48:36 EST 2016


On Sun, Feb 14, 2016 at 5:35 PM adonis okpidi <adonisokpidi at ...2420...>
wrote:

> Hi.
>
> I used Barnyard2 to read the snort.log file into a MySQL database.
>

Then you also need to join on the "cid" values as well as "sid" values. The
"sid" value is the sensor identifier, "cid" for the event (on that sensor).
-- 
Rob MacGregor
      Whoever fights monsters should see to it that in the process he
        doesn't become a monster.                  Friedrich Nietzsche
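
The join described in the reply above, shown as an added example that is not part of the original message. It assumes the stock Barnyard2 MySQL schema, where `event` and `iphdr` are both keyed on (`sid`, `cid`); the `demo_` tables are hypothetical reduced copies and every row is constructed.

```sql
-- Reduced, constructed copies of the Barnyard2 "event" and "iphdr" tables
-- (only the columns needed here; the demo_ names are hypothetical).
CREATE TEMPORARY TABLE demo_event (
  sid       INT UNSIGNED NOT NULL,   -- sensor identifier
  cid       INT UNSIGNED NOT NULL,   -- event counter on that sensor
  signature INT UNSIGNED NOT NULL,
  timestamp DATETIME     NOT NULL,
  PRIMARY KEY (sid, cid)
);
CREATE TEMPORARY TABLE demo_iphdr (
  sid    INT UNSIGNED NOT NULL,
  cid    INT UNSIGNED NOT NULL,
  ip_src INT UNSIGNED NOT NULL,
  ip_dst INT UNSIGNED NOT NULL,
  PRIMARY KEY (sid, cid)
);

-- Constructed rows: two sensors, each numbering its own events from 1,
-- so cid = 1 exists on both sensors.
INSERT INTO demo_event VALUES
  (1, 1, 101, '2016-02-14 10:00:00'),
  (1, 2, 102, '2016-02-14 10:05:00'),
  (2, 1, 103, '2016-02-14 10:07:00');
INSERT INTO demo_iphdr VALUES
  (1, 1, INET_ATON('192.0.2.10'),  INET_ATON('198.51.100.5')),
  (1, 2, INET_ATON('192.0.2.11'),  INET_ATON('198.51.100.5')),
  (2, 1, INET_ATON('203.0.113.7'), INET_ATON('198.51.100.9'));

-- Incomplete join (sid only): every event is paired with every header
-- recorded by the same sensor, so rows multiply and addresses are
-- attributed to the wrong alerts.
SELECT e.sid, e.cid, e.signature, INET_NTOA(i.ip_src) AS src
FROM demo_event e
JOIN demo_iphdr i ON i.sid = e.sid
ORDER BY e.sid, e.cid;

-- Complete join on (sid, cid): each event matches only its own header.
SELECT e.sid, e.cid, e.timestamp, e.signature,
       INET_NTOA(i.ip_src) AS src, INET_NTOA(i.ip_dst) AS dst
FROM demo_event e
JOIN demo_iphdr i ON i.sid = e.sid AND i.cid = e.cid
ORDER BY e.sid, e.cid;
```

Joining on `cid` alone fails the same way across sensors, since each sensor restarts its own `cid` sequence.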