[Snort-users] Snort and M$ Access?????

Wirth, Jeff WirthJe at ...4876...
Fri Feb 8 13:16:12 EST 2002

> Anyway, what I really need to know is, does there exist some tool that
will allow for "easy" 

Take a look at the MySQL client
http://www.mysql.com/downloads/gui-mysqlgui.html. Run a query and dump to a
flat file (comma delimited).  Within your SQL statement you'll need to use
the "inet_ntoa" function to covert the stored IP address back to dotted quad
format.  A search on www.mysql.com for "inet_ntoa" should produce a few
documents on using this function. 

Another option would be to use the MyAccess ODBC driver, but I don't know if
M$ Access has a function like "inet_ntoa".

- Jeff

-----Original Message-----
From: Graham, Randy (RAW) [mailto:RAW at ...4721...]
Sent: Friday, February 08, 2002 1:59 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort and M$ Access?????

Sorry, but I'm forced to ask this...

I have recently gotten Snort 1.8.3 running with mysql and ACID 0.9.6b19 on a
couple of RedHat 7.2 boxen (I know, Marty - I'm working on learning *BSD
well enough to correct the error of my ways).  Everything is working great,
and I love it.  Today, the bosses come to me and ask if we can make Snort
output to an Access database instead.  Knowing where this is going, I try to
fend it off by telling a little lie about what databases Snort supports
(mysql and postgres only).  So, they ask about dumping the mysql database
info into an Access file or flat text so Access can read it in.  Apparently,
they want to store the data on our "more secure" Win2k server.  Keep in mind
that these are the same people who won't let me use open source software
because someone might have compiled a trojan in to the source I'm

Anyway, what I really need to know is, does there exist some tool that will
allow for "easy" (meaning little work for me, and I don't care how much work
for others) migration/transport of the mysql database info from my Linux
machine to their Win2K box?  If so, does there exist a tool to pull that
info back out in a usable format - something comparable to ACID or

I don't even know what else to ask, because I'm still flat on my back from
effectively being told that my Linux machine (which only has ssh and the
stunnel connection for mysql input from other sensors open) is not as secure
as their Win2K machine (which acts as the department print and file server,
and had IIS running unbeknownst to our admin for 6+ months until we
discovered it in a routine scan before Christmas).  As I understand more
what the bosses want, I may be back with more questions.

Oh yea, and I may be slightly biased against the M$ based solution, but if
someone can show me a good way to do this with an M$ OS and an M$ database,
I'll at least seriously consider it.

Randy Graham
The Internet?  Bah!  Is that thing still around?  -- Homer Simpson
http://www.securitynewbie.com/ - for people like me

Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list