Snort mailing list archives

Re: MySQL logs wrong IP - Addresses ( caution - NEWBIE ! )

From: twig les <twigles () yahoo com>
Date: Thu, 21 Nov 2002 10:06:06 -0800 (PST)

Indulge me here.  Are you actually running manual
queries against the tables in the snort database?  If
so you will see a bunch of confusing stuff.  I'm sure
there is a way to structure the queries to combine the
table info but it's beyond my paltry sql skills.  Add
acid or some other 3rd-party gui-thingy and save
yourself some trouble.  If you can't use a gui try
syslog.

--- verwiebe () itwm fhg de wrote:

hi, folks !
my sql drives me crazy.
table "iphdr" contains 
- ip - addresses without dots : "176689530"
- ip - addresses that do not make any sense at all,
no matter where you
put           the dots : "3501791526"
- ip - addresses ( like above ) that do not match to
the only test - rule
      ( alert tcp $HOME_NET any -> $EXTERNAL_NET any )
because the same
      ip - address is in the "source" - column in one row
and in another                row it
is in the "destination" - column though the
      rule is only one - way
- ip - addresses do not match to the addresses in
/var/log/snort/alert
      ( "10.136.16.8" which is ok ).
first i installed these rpm`s ( from
ftp.suse.com/pub/suse/i386/7.3 ... ):
snort-1.8.1-32, apache-1.3.20-60, mysql-3.23.41-18,
mod_php4-4.0.6-98,
phpMyAdmin-2.2.0-34 on SuSE 7.3, then i tried
snort-1.9.0-1snort.src.rpm,
but the same shit.
forgive me if i forgot any information and gimmie a
hint, please !
thanxalot,
hartmut verwiebe

-------------------------------------------------------

This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or
unsubscribe:

https://lists.sourceforge.net/lists/listinfo/snort-users

Snort-users list archive:

http://www.geocrawler.com/redir-sf.php3?list=snort-users


=====
-----------------------------------------------------------
If you give a man a fish, he can eat for a day
If you bludgeon him to death, you can eat the fish yourself                       
-----------------------------------------------------------

__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus  Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

MySQL logs wrong IP - Addresses ( caution - NEWBIE ! ) verwiebe (Nov 21)
- Re: MySQL logs wrong IP - Addresses ( caution - NEWBIE ! ) twig les (Nov 21)
- Re: MySQL logs wrong IP - Addresses ( caution - NEWBIE ! ) Jens Krabbenhoeft (Nov 21)
- <Possible follow-ups>
- Re: MySQL logs wrong IP - Addresses ( caution - NEWBIE ! ) Roman Danyliw (Nov 21)