Snort mailing list archives
Database formats
From: "Greg Robinson" <greg () diverdown cc>
Date: Tue, 16 Jul 2002 20:23:14 -0500

I am logging my Snort server to a MySQL database. I have two questions:

1. How do I get Snort to write only to the database, and not to the /var/log/snort directory as well?

2. How would I go about getting custom reports out of the Snort database?

For instance, if I look at the iphdr table, I get the following output:

mysql> select * from iphdr where cid = '1';
+-----+-----+------------+------------+--------+---------+--------+--------+-------+----------+--------+--------+----------+---------+
| sid | cid | ip_src     | ip_dst     | ip_ver | ip_hlen | ip_tos | ip_len | ip_id | ip_flags | ip_off | ip_ttl | ip_proto | ip_csum |
+-----+-----+------------+------------+--------+---------+--------+--------+-------+----------+--------+--------+----------+---------+
|   1 |   1 | 1065291291 | 3487996171 |      4 |       5 |      0 |    753 | 16405 |        0 |      0 |    113 |        6 |    4198 |
|   2 |   1 | 1036618565 | 3487996171 |      4 |       5 |     16 |    623 |     0 |        0 |      0 |    240 |        6 |       0 |
+-----+-----+------------+------------+--------+---------+--------+--------+-------+----------+--------+--------+----------+---------+
2 rows in set (1.77 sec)

How do I convert the ip_src field back to an IP address so I could write a select statement to find out how many times that ip_src is in the database?

Thanks in advance...

Greg
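
An added example, not part of the original post or of any reply in the thread: the ip_src and ip_dst columns hold IPv4 addresses as 32-bit integers, and MySQL's built-in INET_NTOA() and INET_ATON() convert between that form and dotted-quad text. The scratch table iphdr_demo is a constructed name holding the two rows from the post; on a real Snort database the same queries run against iphdr.

```sql
-- Constructed scratch copy of the two iphdr rows shown in the post (only the
-- columns the report needs), so the queries run without a live Snort database.
CREATE TEMPORARY TABLE iphdr_demo (
    sid    INT UNSIGNED NOT NULL,
    cid    INT UNSIGNED NOT NULL,
    ip_src INT UNSIGNED NOT NULL,
    ip_dst INT UNSIGNED NOT NULL,
    PRIMARY KEY (sid, cid)
);

INSERT INTO iphdr_demo (sid, cid, ip_src, ip_dst) VALUES
    (1, 1, 1065291291, 3487996171),
    (2, 1, 1036618565, 3487996171);

-- Report: number of logged events per source address, busiest first.
-- Group on the raw integer and convert to dotted-quad only for display.
SELECT INET_NTOA(ip_src) AS src_addr,
       COUNT(*)          AS events
FROM iphdr_demo
GROUP BY ip_src
ORDER BY events DESC, ip_src;

-- Count for one known address: convert the literal with INET_ATON() so the
-- comparison stays on the integer column instead of converting every row.
SELECT COUNT(*) AS events
FROM iphdr_demo
WHERE ip_src = INET_ATON('63.127.14.27');

-- Source/destination pairs, both shown as dotted-quad text.
SELECT INET_NTOA(ip_src) AS src_addr,
       INET_NTOA(ip_dst) AS dst_addr,
       COUNT(*)          AS events
FROM iphdr_demo
GROUP BY ip_src, ip_dst
ORDER BY events DESC;
```
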