[Snort-users] snort postgres database

Fraser Hugh hugh_fraser at ...2804...
Mon Jan 7 07:30:06 EST 2002


I had the same problem connecting Snort to a trouble ticket system. The
simple solution (in my case) was to place the trigger on the iphdr table and
look up the associated event information. There's a one-to-one correspondence
between event and iphdr, in this version anyway.

> -----Original Message-----
> From: Nate Haggard [mailto:nate at ...4417...]
> Sent: Thursday, December 27, 2001 2:26 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] snort postgres database
> 
> 
> Does someone know how I can change the order that the tables are written
> to in postgres?  I am trying to set up a trigger.  The problem is that the
> trigger needs to see the new data inserted into other tables right after
> the data is inserted into the events table.  The problem seems that the
> trigger has to exit its program before data can be written to other tables
> besides event.  So I can't do lookups in iphdr for the ip_src and ip_dst
> that go with that event, because the data won't be there till the trigger
> program is finished. The trigger is set on the event table.  Maybe you are
> thinking this is a trigger problem and I should ask a postgres guru, yet if
> I could make snort write to the event table after writing to all the
> other tables I wouldn't have this problem.
> 
> Thanks
> Nate Haggard  
> 
> 




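The approach described in the reply above (trigger on iphdr, then a lookup back into event), sketched as an added example that is not code from either poster or from the Snort project. The sid/cid join key, the cut-down table definitions, the `ticket_queue` table and the `queue_ticket` function are assumptions made for illustration; only the table names event and iphdr and the columns ip_src and ip_dst come from the thread.

```sql
-- Constructed stand-ins for the two Snort tables, reduced to the columns used here.
-- Assumption: event and iphdr rows for one alert share the key (sid, cid).
CREATE TABLE event (
    sid         integer   NOT NULL,
    cid         bigint    NOT NULL,
    signature   text      NOT NULL,
    "timestamp" timestamp NOT NULL,
    PRIMARY KEY (sid, cid)
);
CREATE TABLE iphdr (
    sid    integer NOT NULL,
    cid    bigint  NOT NULL,
    ip_src bigint  NOT NULL,
    ip_dst bigint  NOT NULL,
    PRIMARY KEY (sid, cid)
);
-- Hypothetical hand-off table that a trouble ticket system would poll.
CREATE TABLE ticket_queue (
    sid integer, cid bigint, signature text,
    ip_src bigint, ip_dst bigint, seen timestamp
);

CREATE FUNCTION queue_ticket() RETURNS trigger AS $$
DECLARE
    ev event%ROWTYPE;
BEGIN
    -- The event row is written before the iphdr row, so it is visible here.
    SELECT * INTO ev FROM event WHERE sid = NEW.sid AND cid = NEW.cid;
    IF NOT FOUND THEN
        -- Write order or schema differs from the assumption: surface it
        -- instead of dropping the alert silently, and let the insert proceed.
        RAISE WARNING 'iphdr (%, %) has no matching event row', NEW.sid, NEW.cid;
        RETURN NEW;
    END IF;
    INSERT INTO ticket_queue
    VALUES (NEW.sid, NEW.cid, ev.signature, NEW.ip_src, NEW.ip_dst, ev."timestamp");
    RETURN NEW;
END;
$$ LANGUAGE plpgsql;

CREATE TRIGGER iphdr_ticket AFTER INSERT ON iphdr
    FOR EACH ROW EXECUTE PROCEDURE queue_ticket();

-- Constructed sample alert, inserted in the order the thread describes.
INSERT INTO event VALUES (1, 1, 'constructed test signature', '2002-01-07 07:30:06');
INSERT INTO iphdr VALUES (1, 1, 3232235777, 167772161);
SELECT * FROM ticket_queue;
```

Alerts that carry no IP header never reach iphdr, so a trigger placed there will not fire for them.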