Snort mailing list archives
RE: Snort &postgresql (possibly stupid question department)
From: Mark Forsyth <forsythm () optushome com au>
Date: Tue, 23 Oct 2001 11:00:23 +1000
Hi folks, Thanks for all the replies. I've had a few private e-mails all saying essentially the same thig. I'm currently rebuilding postgres with PLPerl which seems to me to be the way to go for my usage... Ooroo Mark F... On Monday, October 22, 2001 6:45 PM, Roberto Suarez Soto [SMTP:robe () alfa21 com] wrote:
On Oct/22/2001, Mark Forsyth wrote:Hiya, Maybe I've lost the plot completely but.. Snort stores IP
addresses (
Ip_src & ip_dst ) in the iphdr table as a bigint so a select of that
table
returns ...:-As I parse the data from the DB with Perl, I made a quick dirty function to parse a bigint into a "normal" IP address. Maybe it's useful
:-)
sub bigint2ip ($) { my $bigint = shift; my $ip = ""; my $tmp = $bigint; for (my $i=32; $i > 0; $i-=8) { $ip = ($tmp & 255) . ".$ip"; $tmp = $tmp >> 8; } chop($ip); return $ip; } I guess it's trivial to "port" it to any another language. But I'm also sure that there are better ways to do it :-) -- Roberto Suarez Soto Alfa21 Outsourcing robe () alfa21 com http://www.alfa21.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort &postgresql (possibly stupid question department) Mark Forsyth (Oct 21)
- Re: Snort &postgresql (possibly stupid question department) Roberto Suarez Soto (Oct 22)
- <Possible follow-ups>
- RE: Snort &postgresql (possibly stupid question department) Mark Forsyth (Oct 22)
- Re: Snort &postgresql (possibly stupid question department) roman (Nov 18)