Snort mailing list archives
Re: Snort DB query question.
From: WTWork <securitygauntlet () snet net>
Date: Fri, 25 Oct 2002 01:21:52 -0400
Sounds like script time. If you need to query that many IPs maybe you are doing something wrong or just wanting too much data. I think some of the key things to think of here are:

- Keep it simple
- Set priority of events you NEED to see
- Drill down into critical targets

If ya need to get the data that bad then you can use wild card * in the string and it should show all the 10.0.0.* addresses.

Good luck

At 10:22 PM 10/24/2002 -0400, larosa, vjay wrote:
Hello,

I have a question that has been bugging me since I started using the database output plugin with snort. Why are the IP addresses stored in the DB in the 32 bit format? What is the advantage? I know there must be something I don't know. I know the SELECT inet_ntoa(ip_src) ...... trick to convert the IPs back to human readable format, but what if I want to search for a CIDR block like 10.10.0.0/16? How would this be done? Is it possible?

Thanks!
vjl

V.Jay LaRosa EMC Corporation Information Security 171 South Street (508)249-3355 office Hopkinton, MA 01748 (508)498-5575 cell www.emc.com (888-799-9750 pager larosa_vjay () emc com (508)497-8082 fax

-------------------------------------------------------
This sf.net email is sponsored by: Influence the future of Java(TM) technology. Join the Java Community Process(SM) (JCP(SM)) program now. http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0003en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
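An added example (not from the thread or from the Snort project) for the CIDR question quoted above: because ip_src is stored as a 32-bit integer, a block such as 10.10.0.0/16 is one contiguous numeric range and can be matched with BETWEEN. The cut-down iphdr table, the sample rows and the function names are assumptions constructed for illustration, and SQLite stands in for the real database.

```python
import ipaddress
import sqlite3


def cidr_bounds(cidr):
    """Return (first, last) address of an IPv4 CIDR block as 32-bit integers."""
    net = ipaddress.ip_network(cidr, strict=False)
    return int(net.network_address), int(net.broadcast_address)


def build_sample_db():
    """In-memory stand-in for the Snort DB (constructed rows, cut-down table)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE iphdr (sid INTEGER, cid INTEGER, "
               "ip_src INTEGER, ip_dst INTEGER)")
    rows = [  # (sid, cid, source, destination), all constructed
        (1, 1, "10.10.0.1", "192.168.1.5"),      # inside 10.10.0.0/16
        (1, 2, "10.10.255.255", "192.168.1.5"),  # last address of the block
        (1, 3, "10.11.0.1", "192.168.1.5"),      # just above the block
        (1, 4, "10.9.255.255", "192.168.1.5"),   # just below the block
        (1, 5, "110.10.3.4", "192.168.1.5"),     # contains the text "10.10."
    ]
    db.executemany(
        "INSERT INTO iphdr VALUES (?, ?, ?, ?)",
        [(s, c, int(ipaddress.ip_address(a)), int(ipaddress.ip_address(b)))
         for s, c, a, b in rows])
    return db


def events_from(db, cidr):
    """Return (cid, dotted source) for events whose ip_src is inside cidr."""
    lo, hi = cidr_bounds(cidr)
    # Integer range comparison; no per-row string conversion is needed.
    # MySQL equivalent for this block:
    #   WHERE ip_src BETWEEN INET_ATON('10.10.0.0')
    #                    AND INET_ATON('10.10.255.255')
    cur = db.execute(
        "SELECT cid, ip_src FROM iphdr "
        "WHERE ip_src BETWEEN ? AND ? ORDER BY cid", (lo, hi))
    return [(cid, str(ipaddress.ip_address(ip))) for cid, ip in cur]


if __name__ == "__main__":
    db = build_sample_db()
    print(cidr_bounds("10.10.0.0/16"))
    for row in events_from(db, "10.10.0.0/16"):
        print(row)
```

The same bounds work for any prefix length, so a /24 or a single /32 host uses the identical query with different integers.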
Current thread:
- Snort DB query question. larosa, vjay (Oct 24)
- Re: Snort DB query question. Michael Boman (Oct 24)
- <Possible follow-ups>
- RE: Snort DB query question. larosa, vjay (Oct 24)
- RE: Snort DB query question. Kreimendahl, Chad J (Oct 24)
- Re: Snort DB query question. WTWork (Oct 24)