Snort mailing list archives
Re: mostly an (my)sql question.
From: "Roman Danyliw" <roman () danyliw com>
Date: Mon, 1 Mar 2004 18:37:23 -0500 (EST)
Try the following:

  SELECT event.cid, inet_ntoa(ip_src), inet_ntoa(ip_dst), sig_name
  FROM event
  LEFT JOIN iphdr ON event.cid = iphdr.cid AND event.sid = iphdr.sid
  LEFT JOIN signature ON event.signature = signature.sig_id
  WHERE event.cid > 0 AND iphdr.cid = event.cid
  LIMIT 500

Roman

On Mon, 1 Mar 2004 11:28:04 -0600, John <strgout () unixjunkie com> wrote:
I've just started learning SQL, and was wondering if someone could give me a hand. I'm using perl-dbi for queries. At the moment, this is what my SQL statement looks like:

  SELECT event.cid,inet_ntoa(ip_src),inet_ntoa(ip_dst)
  FROM event,iphdr
  WHERE event.cid > 0 AND iphdr.cid = event.cid
  LIMIT 500

That much works fine. It prints events 1-500.

However, I can't seem to figure out how to link the signature table into this. I've tried many (bad :) ) things, and the end result is a query that never ends most of the time, or event.cid goes from 1,6,10,etc,etc.

So let's say I also want to print the priority of the event, how would I add that?

-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
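Added example (not from either poster): a Python/sqlite3 sketch that adds sig_priority to the keyed join, which covers the priority question, and contrasts it with a query that leaves signature unconstrained and matches iphdr on cid alone. The cut-down table definitions and the sample rows are constructed assumptions, and SQLite stands in for MySQL, so inet_ntoa() is registered by hand.

```python
import ipaddress
import sqlite3

SCHEMA_AND_ROWS = """
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT, sig_priority INTEGER);
CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER, PRIMARY KEY (sid, cid));
CREATE TABLE iphdr (sid INTEGER, cid INTEGER, ip_src INTEGER, ip_dst INTEGER,
                    PRIMARY KEY (sid, cid));
-- Constructed sample data: two sensors (sid 1 and 2) that both have an event with cid 1.
INSERT INTO signature VALUES (1, 'sample ping alert', 3), (2, 'sample web alert', 1);
INSERT INTO event VALUES (1, 1, 1), (1, 2, 2), (2, 1, 2);
INSERT INTO iphdr VALUES (1, 1, 3232235786, 3232235777),
                         (1, 2, 167772165, 3232235777),
                         (2, 1, 167772166, 3232235778);
"""

# signature has no join condition and iphdr is matched on cid only.
UNKEYED = """
SELECT event.cid, sig_name FROM event, iphdr, signature
WHERE event.cid > 0 AND iphdr.cid = event.cid
"""

# Every table is tied to event by its key; sig_priority carries the priority.
KEYED = """
SELECT event.sid, event.cid, inet_ntoa(ip_src), inet_ntoa(ip_dst), sig_name, sig_priority
FROM event
JOIN iphdr ON iphdr.sid = event.sid AND iphdr.cid = event.cid
JOIN signature ON signature.sig_id = event.signature
WHERE event.cid > 0
ORDER BY event.sid, event.cid
LIMIT 500
"""

def build_db():
    db = sqlite3.connect(":memory:")
    # MySQL ships inet_ntoa(); SQLite does not, so register an equivalent.
    db.create_function("inet_ntoa", 1, lambda n: str(ipaddress.IPv4Address(n)))
    db.executescript(SCHEMA_AND_ROWS)
    return db

def run(db, sql):
    return db.execute(sql).fetchall()

if __name__ == "__main__":
    db = build_db()
    print("unkeyed rows:", len(run(db, UNKEYED)), "for 3 events")
    for row in run(db, KEYED):
        print(row)
```

With only three events and two signatures the unkeyed form already returns ten rows; on a full alert database the same multiplication grows with the size of every table listed.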
Current thread:
- mostly an (my)sql question. John (Mar 01)
- <Possible follow-ups>
- RE: mostly an (my)sql question. John (Mar 01)
- Re: mostly an (my)sql question. Roman Danyliw (Mar 01)