[Snort-users] Dshield perl script.

Hutchinson, Andrew Andrew.Hutchinson at ...3639...
Wed Sep 18 07:38:05 EDT 2002


Try this.  There was no call to his 'getip' subroutine, which uses the
inet_ntoa function of the Socket module.  I added lines 46 and 47, which
should convert the addresses.

Andrew

-----Original Message-----
From: Jaco Lange [mailto:jaco at ...6805...] 
Sent: Wednesday, September 18, 2002 8:49 AM
To: snort-users at lists.sourceforge.net; mark.rowlands at ...752...
Subject: [Snort-users] Dshield perl script.


** High Priority **
** Reply Requested When Convenient **

Hi Mark


I tried the perl scrip you written for Snort ACID and MYSQL 
I found it very usesfull, everything works just the IP address is
returned in a 
funny way, it looks like it in not converted to a ip address format
xxx.xxx.xx.xx insted I get a Number 

Subject FORMAT DSHIELD USERID 12345678 TZ +02:00 
 
2002-09-17 15:16:00
+01:00	USERID	1	3232236545	8080	3232236309	1190
TCP
                                                                       
        how do I get this IP ?


Any help appreciated.

Thanks
Jaco lange

 


_______________________________
Jaco Lange
e-Innovation Consulting
P O BOX 12937
Hatfield, 0028

Cell: +27-(0)833053854
Tel: +27-(0)12-807 1864
Fax: +27-(0)12-807 1829

http://www.e-innovation.co.za/ 
_______________________________

"This e-mail may contain confidential information and may be legally
privileged and is intended only for the person to whom it is addressed.
If you are not the intended recipient, you are notified that you may not
use, distribute or copy this document in any manner whatsoever. Kindly
also notify the sender immediately by telephone, and delete the e-mail.
When addressed to clients of the company from where this e-mail
originates ("the sending company ") any opinion or advice contained in
this e-mail is subject to the terms and conditions expressed in any
applicable terms of business or client engagement letter . The sending
company does not accept liability for any damage, loss or expense
arising from this e-mail and/or from the accessing of any files attached
to this e-mail."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dshield.pl
Type: application/octet-stream
Size: 2852 bytes
Desc: dshield.pl
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20020918/c2a53c19/attachment.obj>


More information about the Snort-users mailing list