[Snort-users] MAC address

Martin Roesch roesch at ...421...
Fri Jan 26 22:23:43 EST 2001


There's nothing built in to do that, but if you look at the database
plugin it'd be a simple matter to do inserts of data off the eh pointer
out of the Packet struct into the DB.  You'd also need to add a table in
the DB to handle layer 2 data, but I think that this would be a pretty
simple operation if you are comfortable with MySQL and C programming. 
Maybe Jed/Roman could add this capability?

    -Marty

Jan-Frode Myklebust wrote:
> 
> Hi,
> 
> I'm trying to set up a database where I match snort alerts with both IP
> address and MAC address (because we have machines connected via DHCP). Is
> there any way to have snort log the MAC address of a packet when it
> matches a signature?
> 
>   -jf
> 
> --
> Donate spare cpucycles to GRISK <http://www.ii.uib.no/grisk/>
> 

--
Martin Roesch
roesch at ...421...
http://www.snort.org
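
Added example (not part of the original message and not Snort's database plugin code): a sketch of the approach the reply describes, reading the Ethernet header through an `eh` pointer on a packet structure and building the row for a layer-2 table. The `EtherHdr`/`Packet` definitions are simplified stand-ins, and the `ethhdr` table, its columns and `build_l2_insert` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for Snort's structures (assumed layout, not Snort's own code). */
typedef struct { uint8_t ether_dst[6], ether_src[6]; uint16_t ether_type; } EtherHdr;
typedef struct { const EtherHdr *eh; /* NULL if not an Ethernet frame */ } Packet;

/* Hypothetical layer-2 table keyed by the event id:
 *   CREATE TABLE ethhdr (cid INT UNSIGNED PRIMARY KEY, eth_src CHAR(17),
 *                        eth_dst CHAR(17), eth_type SMALLINT UNSIGNED);  */

/* Render a 6-byte MAC as "aa:bb:cc:dd:ee:ff"; out must hold 18 bytes. */
static void mac_to_str(const uint8_t mac[6], char out[18])
{
    snprintf(out, 18, "%02x:%02x:%02x:%02x:%02x:%02x",
             mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
}

/* Build the INSERT for one event. Returns the statement length, or -1 when
 * there is no Ethernet header or the buffer is too small. Values are rendered
 * from raw bytes as hex/decimal, so no packet-controlled text enters the SQL. */
int build_l2_insert(const Packet *p, unsigned long cid, char *sql, size_t len)
{
    char src[18], dst[18];
    const uint8_t *t;
    int n;

    if (p == NULL || p->eh == NULL)
        return -1;
    mac_to_str(p->eh->ether_src, src);
    mac_to_str(p->eh->ether_dst, dst);
    t = (const uint8_t *)&p->eh->ether_type;   /* big-endian on the wire */
    n = snprintf(sql, len,
                 "INSERT INTO ethhdr (cid, eth_src, eth_dst, eth_type) "
                 "VALUES (%lu, '%s', '%s', %u)",
                 cid, src, dst, ((unsigned)t[0] << 8) | t[1]);
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}

int main(void)
{
    /* Constructed header: dst, src, then EtherType 0x0800 (IPv4). */
    static const uint8_t raw[14] = { 0x00,0x11,0x22,0x33,0x44,0x55,
                                     0x02,0xaa,0xbb,0xcc,0xdd,0xee, 0x08,0x00 };
    EtherHdr eh; Packet p = { &eh }; char sql[160];
    memcpy(&eh, raw, sizeof eh);
    if (build_l2_insert(&p, 42, sql, sizeof sql) > 0) puts(sql);
    return 0;
}
```

With DHCP in use, the stored source MAC is what ties an alert to a machine once its IP lease has changed; note that it identifies only the last layer-2 hop, so for traffic that crossed a router it is the router's address.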



