Snort mailing list archives
Re: Dshield perl script.
From: Mark Rowlands <mark.rowlands () minmail net>
Date: Thu, 19 Sep 2002 07:17:34 +0200
On Wed September 18 2002 15:49, Jaco Lange wrote:
> ** High Priority **
> ** Reply Requested When Convenient **
>
> Hi Mark
>
> I tried the Perl script you have written for Snort, ACID and MySQL. I found it very useful. Everything works, just the IP address is returned in a funny way: it looks like it is not converted to an IP address format (xxx.xxx.xx.xx); instead I get a number.
>
> Subject FORMAT DSHIELD USERID 12345678 TZ +02:00
> 2002-09-17 15:16:00 +01:00 USERID 1 3232236545 8080 3232236309 1190 TCP
>
> How do I get this IP?
Well, I've written a couple of them now on a "use at your own peril" basis, but I guess you are missing a lump that looks like ..........

    use Socket;    # provides inet_ntoa and AF_INET

    # convert the integer address stored in the database into a dotted quad
    sub getip
    {
        my $ip = inet_ntoa(pack("N", $_[0]));
        return $ip;
    }

and possibly

    # reverse-resolve a dotted-quad address to a host name
    sub iptoname
    {
        my @numbers   = split(/\./, $_[0]);
        my $ip_number = pack("C4", @numbers);
        my ($name)    = (gethostbyaddr($ip_number, AF_INET))[0];
        # no reverse DNS entry: fall back to the address that was passed in
        return $name ? $name : $_[0];
    }
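The conversion discussed above, applied to a whole report line, as an added example that is not part of Mark's script or of the original thread. The sub names `int_to_dotted` and `fix_record` are hypothetical, and the tab-separated column layout is an assumption based on the record shown in the question.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Socket qw(inet_ntoa);

# Convert an unsigned 32-bit integer (the form the address columns arrive in)
# to a dotted quad. Returns undef unless the value is an integer in 0..2^32-1.
sub int_to_dotted {
    my ($n) = @_;
    return unless defined $n && $n =~ /\A\d{1,10}\z/ && $n <= 0xFFFFFFFF;
    return inet_ntoa(pack('N', $n));
}

# Rewrite the source and target address columns of one report line.
# Assumed layout (tab separated): timestamp, user id, count, source IP,
# source port, target IP, target port, protocol.
sub fix_record {
    my ($line) = @_;
    my @f = split /\t/, $line, -1;
    return unless @f >= 8;
    for my $i (3, 5) {
        next if $f[$i] =~ /\A\d{1,3}(?:\.\d{1,3}){3}\z/;   # already dotted
        my $ip = int_to_dotted($f[$i]);
        return unless defined $ip;                          # reject bad value
        $f[$i] = $ip;
    }
    return join "\t", @f;
}

# Constructed sample input: the record from the question, plus one line
# with an out-of-range address to show the rejection path.
my @sample = (
    "2002-09-17 15:16:00 +01:00\tUSERID\t1\t3232236545\t8080\t3232236309\t1190\tTCP",
    "2002-09-17 15:17:00 +01:00\tUSERID\t1\t99999999999\t80\t3232236309\t1190\tTCP",
);

for my $line (@sample) {
    my $fixed = fix_record($line);
    if (defined $fixed) { print "$fixed\n" }
    else                { warn "skipped malformed record: $line\n" }
}
```

Rejecting a record outright, rather than submitting it with a raw integer or a wrapped address, keeps malformed rows out of the report.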