Snort mailing list archives
How does one print out summary of unique addresses.
From: "Raymond Jacob" <jacob_raymond () hotmail com>
Date: Mon, 08 Apr 2002 17:45:00 +0000
I am trying to determine all the source IP addresses that are not on my network that generated alerts over a 72-hour period. I have no problem doing this. Next I determine all of the unique IP addresses that generated alerts based on my previous query. Lastly, I want to email the 1st 5 pages of this list to my account to go through the ones with the highest hits individually.

Question: How do I capture the results of the subquery for all unique IP addresses that generated alerts? I already know the copy, paste, next page, repeat until done method.

As a follow-up, can you construct a query that will aggregate all of the hits by user-defined subnet mask, i.e. combine all IPs that belong to the same network into one output record? For example:

net/address      # of alerts   type of alerts   # of sensor
123.43.0.0/16    300           4                2

Thank you,
Raymond
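An added example, not part of the original post and not Snort's own code: one way to build the unique-source list and the per-network summary asked about above, in Python over constructed alert records. `ALERTS`, `HOME_NET` and the function names are assumptions; real records would come from wherever the alerts are stored.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample alerts: (source IP, alert type, sensor name).
ALERTS = [
    ("123.43.1.10", "ICMP PING NMAP", "sensor1"),
    ("123.43.1.10", "SCAN SYN FIN", "sensor1"),
    ("123.43.200.7", "ICMP PING NMAP", "sensor2"),
    ("123.43.200.7", "ICMP PING NMAP", "sensor2"),
    ("198.51.100.9", "WEB-IIS cmd.exe access", "sensor1"),
    ("192.168.1.20", "ICMP PING NMAP", "sensor1"),  # internal, must be dropped
]
HOME_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed local network


def external_alerts(alerts, home_net=HOME_NET):
    """Keep only alerts whose source address is outside home_net."""
    return [a for a in alerts if ipaddress.ip_address(a[0]) not in home_net]


def unique_sources(alerts):
    """Unique source addresses with hit counts, highest first."""
    return Counter(src for src, _, _ in alerts).most_common()


def by_network(alerts, prefix_len):
    """One record per network: (net, #alerts, #alert types, #sensors)."""
    groups = defaultdict(lambda: [0, set(), set()])
    for src, sig, sensor in alerts:
        # strict=False masks off the host bits of the source address.
        net = ipaddress.ip_network(f"{src}/{prefix_len}", strict=False)
        g = groups[net]
        g[0] += 1
        g[1].add(sig)
        g[2].add(sensor)
    rows = [(str(n), g[0], len(g[1]), len(g[2])) for n, g in groups.items()]
    return sorted(rows, key=lambda r: r[1], reverse=True)


if __name__ == "__main__":
    ext = external_alerts(ALERTS)
    for src, hits in unique_sources(ext):
        print(f"{src:<18}{hits}")
    print(f"{'net/address':<18}{'alerts':>7}{'types':>7}{'sensors':>8}")
    for row in by_network(ext, 16):
        print(f"{row[0]:<18}{row[1]:>7}{row[2]:>7}{row[3]:>8}")
```

Changing the prefix length passed to `by_network` regroups the same alerts under a different mask, and the script's output can be redirected to a file or piped to a mailer instead of being copied page by page.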