Snort mailing list archives

Re: Dshield perl script.


From: Mark Rowlands <mark.rowlands () minmail net>
Date: Thu, 19 Sep 2002 07:17:34 +0200

On Wed September 18 2002 15:49, Jaco Lange wrote:
** High Priority **
** Reply Requested When Convenient **

Hi Mark


I tried the Perl script you wrote for Snort, ACID and MySQL.
I found it very useful. Everything works, except that the IP address is
returned in a funny way: it looks like it is not converted to the IP address
format xxx.xxx.xx.xx; instead I get a number.

Subject FORMAT DSHIELD USERID 12345678 TZ +02:00

2002-09-17 15:16:00
+01:00        USERID  1       3232236545      8080    3232236309      1190    TCP

        How do I get this IP?


Well, I've written a couple of them now on a "use at your own peril" basis, but
I guess you are missing a lump that looks like ...


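use Socket;    # provides inet_ntoa

# Convert a 32-bit integer in network byte order to a dotted-quad string.
sub getip {
  my $ip = inet_ntoa(pack("N", $_[0]));
  return $ip;
}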

and possibly 

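# Reverse-resolve a dotted-quad address to a hostname.
sub iptoname {
  my @numbers = split(/\./, $_[0]);
  my $ip_number = pack("C4", @numbers);            # 4 octets -> packed address
  my ($name) = (gethostbyaddr($ip_number, 2))[0];  # 2 = AF_INET
  if ($name) {
    return $name;
  } else {
    # No name found: return the address unchanged.
    return $_[0];
  }
}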
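
Added example, not part of the original message or of Mark's script: the getip conversion applied to a whole DShield record, rewriting the source and target IP columns from 32-bit integers to dotted-quad form. The tab-separated layout, the column positions and the names int_to_ip and fix_record are assumptions based on the sample line quoted above.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Socket qw(inet_ntoa);

# Convert an unsigned 32-bit integer to dotted-quad notation.
# Returns undef for anything that is not an integer in 0..2**32-1,
# so an already-converted or corrupt field is never silently mangled.
sub int_to_ip {
    my ($n) = @_;
    return unless defined $n && $n =~ /\A\d{1,10}\z/ && $n <= 4294967295;
    return inet_ntoa(pack("N", $n));
}

# Rewrite the source-IP and target-IP columns of one tab-separated
# DShield record. Column positions are assumed from the sample line:
# 0 timestamp, 1 user id, 2 count, 3 source IP, 4 source port,
# 5 target IP, 6 target port, 7 protocol.
sub fix_record {
    my ($line) = @_;
    chomp $line;
    my @f = split /\t/, $line, -1;
    return $line unless @f >= 8;        # not a data record (e.g. the header)
    for my $i (3, 5) {                  # source IP, target IP
        my $ip = int_to_ip($f[$i]);
        $f[$i] = $ip if defined $ip;    # leave the field untouched if invalid
    }
    return join "\t", @f;
}

# Constructed sample input. The first record uses the values quoted in the
# thread; the second has an already-converted address and an out-of-range
# number, both of which must pass through unchanged.
my @sample = (
    "2002-09-17 15:16:00 +01:00\tUSERID\t1\t3232236545\t8080\t3232236309\t1190\tTCP",
    "2002-09-17 15:16:05 +01:00\tUSERID\t1\t192.168.4.1\t8080\t99999999999\t1190\tTCP",
);
print fix_record($_), "\n" for @sample;
```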


