[Snort-users] Questions/Suggestion: Which data to put in the DB?
mike at ...207...
Tue Aug 8 14:44:07 EDT 2000
| Does anyone have some example code that can SELECT using an
| arbitrary subnet using the current snortdb? I could write some but
| I just don't have time at the moment.
Just an example to illustrate how I see it done with 32 bits addresses:
$Netaddr = IP address AND network mask
$Bcast = IP address AND NOT network mask
Select * from iphdr where ip_src > $Netaddr and ip_src < $Bcast;
This would be a very flexible, and might reduce the load on both the
database and the application.
Brain fried -- Core dumped
More information about the Snort-users