Snort mailing list archives
RE: how to populate snort payload data to MySQL?
From: "samwun" <samwun () hgcbroadband com>
Date: Wed, 22 Oct 2003 23:53:17 +0800
Do you know how to convert data in field data_payload to a more readable form like using tcpdump -vv -X?

Thanks
Sam

-----Original Message-----
From: Jeff Dell [mailto:jdell () activeworx com]
Sent: Wednesday, October 22, 2003 11:37 PM
To: 'samwun'; snort-users () lists sourceforge net
Subject: RE: [Snort-users] how to populate snort payload data to MySQL?

The table data is where the payload resides. To get more details on the schema, check out:
http://www.andrew.cmu.edu/~rdanyliw/snort/acid_db_er_v102.html

Jeff

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of samwun
Sent: Wednesday, October 22, 2003 10:07 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] how to populate snort payload data to MySQL?

Dear all,

I've searched around on Google but could not find a solution.
I've also changed the snort.conf configuration so that it has the following line enabled:

output database: log, mysql, user=snort password=new_password dbname=snort host=localhost encoding=hex detail=full

Although I added encoding=hex and detail=full to the above line, I still don't find a way to see full logging appear in the MySQL tables.
Is the payload data really logged to the MySQL tables? How can I know it?
Please see the following tables in MySQL:

mysql> show tables;
+------------------+
| Tables_in_snort  |
+------------------+
| acid_ag          |
| acid_ag_alert    |
| acid_event       |
| acid_ip_cache    |
| data             |
| detail           |
| encoding         |
| event            |
| flags            |
| icmphdr          |
| iphdr            |
| opt              |
| protocols        |
| reference        |
| reference_system |
| schema           |
| sensor           |
| services         |
| sig_class        |
| sig_reference    |
| signature        |
| tcphdr           |
| udphdr           |
+------------------+
23 rows in set (0.00 sec)

mysql>

Which tables contain payload data?

Thanks
Sam

-------------------------------------------------------
This SF.net email is sponsored by OSDN developer relations
Here's your chance to show off your extensive product knowledge
We want to know what you know. Tell us and you have a chance to win $100
http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
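
Added example (not part of the original thread, and not code from the Snort project): with encoding=hex, the data_payload field of the data table holds the payload as a string of hex digits, so it can be decoded and printed in an offset / hex / ASCII layout similar to tcpdump -X. SAMPLE is a constructed value and the function names are hypothetical.

```python
# Decode a hex-encoded data_payload value and print it in a layout
# similar to tcpdump -X (offset, hex in 2-byte groups, ASCII).

# Constructed sample: what data_payload could hold for a short HTTP request.
SAMPLE = "474554202F696E6465782E68746D6C20485454502F312E300D0A0D0A"


def decode_payload(data_payload):
    """Turn a hex string (as stored with encoding=hex) into raw bytes."""
    cleaned = "".join(data_payload.split())  # tolerate stray whitespace
    if len(cleaned) % 2:
        raise ValueError("odd number of hex digits: value truncated?")
    # bytes.fromhex raises ValueError on any non-hex character, which
    # also catches rows that were logged with a different encoding.
    return bytes.fromhex(cleaned)


def dump_lines(raw, width=16):
    """Return one formatted line per `width` bytes of payload."""
    # Width of a full hex column: 2 digits per byte plus a space
    # between each 2-byte group.
    hex_width = width * 2 + (width + 1) // 2 - 1
    lines = []
    for offset in range(0, len(raw), width):
        chunk = raw[offset:offset + width]
        pairs = [chunk[i:i + 2].hex() for i in range(0, len(chunk), 2)]
        hex_col = " ".join(pairs).ljust(hex_width)
        # Printable ASCII is shown as-is, everything else as ".".
        ascii_col = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append("0x%04x:  %s  %s" % (offset, hex_col, ascii_col))
    return lines


if __name__ == "__main__":
    for line in dump_lines(decode_payload(SAMPLE)):
        print(line)
```

Unlike tcpdump -X on a live capture, the dump covers only the bytes stored in data_payload.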