[Snort-users] Snort &postgresql (possibly stupid question department)

Mark Forsyth forsythm at ...1704...
Sun Oct 21 08:08:01 EDT 2001


Hiya,
     Maybe I've lost the plot completely but.. Snort stores IP addresses ( 
Ip_src & ip_dst ) in the iphdr table as a bigint so a select of that table 
returns ...:-


snort=# select ip_src,ip_dst from iphdr;
   ip_src   |   ip_dst
------------+------------
 3587915298 | 3416531087
 3507146690 | 3416531087
 3507159138 | 3416531087

My question is how to do the conversion to the IPv4 (xxx.xxx.xxx.xxx) 
format ? Presumably I'm missing something obvious, in fact so obvious that 
I haven't a hope of seeing it ??

I used the script supplied in snort-1.8.1-RELEASE to create the database. 
(snort-1.8.1-RELEASE/contrib/create_postgresql)

TIA
Mark F...




More information about the Snort-users mailing list