[Snort-users] Questions/Suggestion: Which data to put in the DB?

Mike Andersen mike at ...207...
Tue Aug 8 14:44:07 EDT 2000

[Jed Pickel]
| Does anyone have some example code that can SELECT using an
| arbitrary subnet using the current snortdb? I could write some but
| I just don't have time at the moment.

Just an example to illustrate how I see it done with 32 bits addresses:

$Netaddr  = IP address AND network mask
$Bcast = IP address AND NOT network mask

And then:

Select * from iphdr where ip_src > $Netaddr and ip_src < $Bcast;

This would be a very flexible, and might reduce the load on both the
database and the application.

Brain fried -- Core dumped

