[Snort-users] Question about payload

beenph beenph at ...11827...
Sun Mar 31 20:50:10 EDT 2013


On Sun, Mar 31, 2013 at 8:22 PM, Dmitry Korzhevin
<dmitry.korzhevin at ...15907...> wrote:
> Hi,
>
> Please tell me where Snort saves payload information in the snort database, and
> how to get the info (for example: time and date + payload).
>

For example, it could look like this:

SELECT a.sid, a.cid, a.signature, c.sig_name, a.timestamp, b.data_payload
FROM event AS a, data AS b, signature AS c
WHERE (a.sid = b.sid)
  AND (a.cid = b.cid)
  AND (a.signature = c.sig_id);

-elz


> Here is my snort database:
>
>
> mysql> SHOW TABLES;
> +------------------+
> | Tables_in_snort  |
> +------------------+
> | data             |
> | detail           |
> | encoding         |
> | event            |
> | icmphdr          |
> | iphdr            |
> | opt              |
> | reference        |
> | reference_system |
> | schema           |
> | sensor           |
> | sig_class        |
> | sig_reference    |
> | signature        |
> | tcphdr           |
> | udphdr           |
> +------------------+
> 16 rows in set (0.00 sec)
>
> mysql>
>
>
>
> Best Regards,
> Dmitry
>
> ---
> Dmitry KORZHEVIN
> System Administrator
> STIDIA S.A. - Luxembourg
>
> e: dmitry.korzhevin at ...15907...
> m: +38 093 874 5453
> w: http://www.stidia.com
>
>

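A fuller version of the query in the reply above, as an added example that is not part of the original thread. It assumes the stock Snort MySQL schema (create_mysql): the columns sensor.hostname, sensor.encoding, encoding.encoding_type, encoding.encoding_text, iphdr.ip_src and iphdr.ip_dst are taken from that schema and do not appear in the thread. It keeps events that have no row in `data` and decodes the stored payload according to the sensor's configured encoding.

```sql
-- Added example: alert time, signature, endpoints and decoded payload.
-- Assumption: stock Snort MySQL schema; column names outside event/data/signature
-- are not shown in the thread and come from create_mysql.
SELECT
    e.sid,
    e.cid,
    e.timestamp,
    s.hostname            AS sensor,
    sig.sig_name,
    INET_NTOA(ip.ip_src)  AS src_ip,          -- iphdr stores IPv4 as INT UNSIGNED
    INET_NTOA(ip.ip_dst)  AS dst_ip,
    enc.encoding_text     AS payload_encoding, -- how data_payload was written
    d.data_payload        AS payload_stored,
    CASE enc.encoding_text
        WHEN 'hex'    THEN UNHEX(d.data_payload)
        WHEN 'base64' THEN FROM_BASE64(d.data_payload)  -- MySQL 5.6 or later
        ELSE d.data_payload                             -- already ASCII
    END                   AS payload_decoded
FROM event AS e
JOIN signature AS sig
       ON sig.sig_id = e.signature
JOIN sensor AS s
       ON s.sid = e.sid
LEFT JOIN encoding AS enc
       ON enc.encoding_type = s.encoding
-- LEFT JOINs: an inner join on data would silently drop every event
-- that was logged without a payload or without an IP header row.
LEFT JOIN iphdr AS ip
       ON ip.sid = e.sid AND ip.cid = e.cid
LEFT JOIN data AS d
       ON d.sid = e.sid AND d.cid = e.cid
WHERE e.timestamp >= NOW() - INTERVAL 1 DAY   -- constructed time window
ORDER BY e.timestamp DESC
LIMIT 100;
```

The decoded payload is raw packet bytes, so view it in a client that does not interpret binary output (for example, wrap the column in HEX() again when paging through results in a terminal).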


