[Snort-users] RE: Lastest CVS Source
jed at ...153...
Fri Nov 10 17:53:58 EST 2000
> And while I have ya... ;)
> Is the snortdb-extra data from contrib intended to be read into the same
> database as the Snort reporting database?
> If so, how is it used by ACID or other db query tools?
Right now I am not aware of any query tools using these tables;
however, they can be used to make data more human presentable.
Here a couple of examples..
You can use the tables to look up port and protocol numbers so 25/6
can become smtp/tcp. Personally, I prefer numbers but I am the wierd
You can do a query to map an integer value for TCP Flags to the
corresponding URG, ACK, PSH, etc values or the common description
for that flag combination (ie. XMAS scan).
So if anyone is actually using these tables let me know and I will
continue adding more useful data to them.
More information about the Snort-users