[Snort-users] Database formats

Greg Robinson greg at ...3899...
Tue Jul 16 18:20:04 EDT 2002


I am logging my Snort server to a MySQL database.
I have two questions:
1.  How do I get Snort to only write to the database, and not to the /var/log/snort directory also?
2.  How would I go about getting custom reports out of the Snort database?
    For instance, if I look at the iphdr table, I get the following output:
    mysql> select * from iphdr where cid = '1';
+-----+-----+------------+------------+--------+---------+--------+--------+-------+----------+--------+--------+----------+---------+
| sid | cid | ip_src     | ip_dst     | ip_ver | ip_hlen | ip_tos | ip_len | ip_id | ip_flags | ip_off | ip_ttl | ip_proto | ip_csum |
+-----+-----+------------+------------+--------+---------+--------+--------+-------+----------+--------+--------+----------+---------+
|   1 |   1 | 1065291291 | 3487996171 |      4 |       5 |      0 |    753 | 16405 |        0 |      0 |    113 |        6 |    4198 |
|   2 |   1 | 1036618565 | 3487996171 |      4 |       5 |     16 |    623 |     0 |        0 |      0 |    240 |        6 |       0 |
+-----+-----+------------+------------+--------+---------+--------+--------+-------+----------+--------+--------+----------+---------+
2 rows in set (1.77 sec)
How do I convert the ip_src field back to an IP address, so I could write a select statement to find out how many times that ip_src is in the database?

Thanks in advance...

Greg
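
Added example, not part of the original message and not code from the Snort project: MySQL queries for the conversion and count asked about in question 2. They assume only the iphdr table and columns shown in the output above; the address 192.0.2.10 is a constructed sample value.

```sql
-- ip_src and ip_dst hold IPv4 addresses as unsigned 32-bit integers.
-- INET_NTOA() turns such an integer into dotted-quad text, treating the
-- most significant byte as the first octet; INET_ATON() is the inverse.

-- 1. The rows from the post, with readable addresses.
SELECT sid, cid,
       INET_NTOA(ip_src) AS src,
       INET_NTOA(ip_dst) AS dst,
       ip_proto
FROM   iphdr
WHERE  cid = 1;

-- 2. How many logged packets each source address accounts for,
--    busiest sources first. Group on the integer column and convert
--    only for display.
SELECT INET_NTOA(ip_src) AS src,
       COUNT(*)          AS hits
FROM   iphdr
GROUP  BY ip_src
ORDER  BY hits DESC
LIMIT  20;

-- 3. Count for one known address. Convert the literal rather than the
--    column, so that any index on ip_src can still be used.
SELECT COUNT(*) AS hits
FROM   iphdr
WHERE  ip_src = INET_ATON('192.0.2.10');   -- constructed sample address

-- 4. The same conversion written out by hand, which shows what the
--    stored integer encodes: one octet per byte, high byte first.
SELECT CONCAT_WS('.',
                 ip_src >> 24,
                 (ip_src >> 16) & 255,
                 (ip_src >> 8)  & 255,
                 ip_src         & 255) AS src
FROM   iphdr
WHERE  cid = 1;
```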