[Snort-users] Questions/Suggestion: Which data to put in the DB?

Mike Andersen mike at ...207...
Tue Aug 8 14:44:07 EDT 2000


[Jed Pickel]
|
| Does anyone have some example code that can SELECT using an
| arbitrary subnet using the current snortdb? I could write some but
| I just don't have time at the moment.

Just an example to illustrate how I see it done with 32 bits addresses:

$Netaddr  = IP address AND network mask
$Bcast = IP address AND NOT network mask

And then:

Select * from iphdr where ip_src > $Netaddr and ip_src < $Bcast;

This would be a very flexible, and might reduce the load on both the
database and the application.


mike
-- 
Brain fried -- Core dumped





More information about the Snort-users mailing list