Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: database IP attribute logging format

From: "Mayers, Philip J" <p.mayers () ic ac uk>
Date: Thu, 23 Aug 2001 10:55:17 +0100
Well, if you can adapt the stored procedure below from Postgres to MySQL,
you can create a view...

CREATE FUNCTION int8ip_to_str(int8) RETURNS inet AS '
DECLARE
    t inet;
BEGIN
    t = (($1>>24) & 255::int8) || ''.'' ||
        (($1>>16) & 255::int8) || ''.'' ||
        (($1>>8)  & 255::int8) || ''.'' ||
        ($1     & 255::int8);
    RETURN t;
END;
' LANGUAGE 'plpgsql';

create view iphdr_txt as
select *,int8ip_to_str(ip_src) as ipsrc,int8ip_to_str(ip_dst) as ipdst from
iphdr;

Regards,
Phil

+------------------------------------------+
| Phil Mayers                              |
| Network & Infrastructure Group           |
| Information & Communication Technologies |
| Imperial College                         |
+------------------------------------------+

-----Original Message-----
From: Jamil Farshchi [mailto:jfarshch () hq nasa gov]
Sent: 23 August 2001 01:41
To: snort-users () lists sourceforge net
Subject: [Snort-users] database IP attribute logging format


Hello,

I am using the mysql 3.23.40 logging feature on snort 1.8.1 and I am having 
some trouble with the format that the IP addresses are stored. I looked at 
the table definitions and they are stored in an int(10) unsigned, but how 
do I convert the 10 digit number into a four octet ip address?

For example:
mysql> select distinct ip_src from iphdr;
-----------
|ip_src    |
-----------|
|2159537049|
|----------

what format is that number in? How do I convert it into an ip address?

Any help would be greatly appreciated.

-jamil
----------------------------------------------------------------------------
------------------------
Jamil D. Farshchi
Computer Specialist, Inspections and Assessments
NASA Office of Inspector General
Washington, DC  20546
Phone: (202) 358-1897 


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: