Snort mailing list archives

RE: Snort and M$ Access?????


From: "Wirth, Jeff" <WirthJe () DNB com>
Date: Fri, 8 Feb 2002 16:00:03 -0500


Anyway, what I really need to know is, does there exist some tool that
will allow for "easy" 

Take a look at the MySQL client
http://www.mysql.com/downloads/gui-mysqlgui.html. Run a query and dump to a
flat file (comma delimited).  Within your SQL statement you'll need to use
the "inet_ntoa" function to convert the stored IP address back to dotted quad
format.  A search on www.mysql.com for "inet_ntoa" should produce a few
documents on using this function. 

Another option would be to use the MyAccess ODBC driver, but I don't know if
M$ Access has a function like "inet_ntoa".

- Jeff
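As an added illustration of the approach Jeff describes (this is example code, not from either poster), here is one query that flattens the Snort/ACID schema into a comma-delimited file with the integer-encoded addresses turned back into dotted quads via INET_NTOA(). Table and column names (event, signature, iphdr, tcphdr, udphdr, ip_src, ip_dst, ...) are assumed to match the create_mysql script shipped with Snort 1.8; the output path and the date range are constructed for the example, so check your own schema with DESCRIBE before running it.

```sql
-- Added example, not part of the original posts.
-- Assumes the Snort 1.8 create_mysql schema; verify with
--   DESCRIBE event; DESCRIBE iphdr; DESCRIBE signature;
SELECT
    e.sid,
    e.cid,
    e.timestamp,
    s.sig_name,
    INET_NTOA(ip.ip_src) AS src_ip,      -- ip_src is INT UNSIGNED, e.g. 3232235777 -> 192.168.1.1
    INET_NTOA(ip.ip_dst) AS dst_ip,
    ip.ip_proto,
    IFNULL(t.tcp_sport, u.udp_sport) AS src_port,   -- NULL for ICMP and friends
    IFNULL(t.tcp_dport, u.udp_dport) AS dst_port
FROM event e
JOIN signature s   ON s.sig_id = e.signature
JOIN iphdr ip      ON ip.sid = e.sid AND ip.cid = e.cid
LEFT JOIN tcphdr t ON t.sid = e.sid AND t.cid = e.cid
LEFT JOIN udphdr u ON u.sid = e.sid AND u.cid = e.cid
WHERE e.timestamp >= '2002-02-01 00:00:00'          -- constructed date range
ORDER BY e.sid, e.cid
INTO OUTFILE '/var/lib/mysql-export/snort_events.csv'   -- constructed path, on the DB host
    FIELDS TERMINATED BY ',' OPTIONALLY ENCLOSED BY '"'
    LINES TERMINATED BY '\n';
```

Two things to keep in mind. INTO OUTFILE is written by the mysqld process on the database server (not by the client), needs the FILE privilege, and the file is created readable by every local user, so point it at a directory only you can read and move it off promptly; if you would rather not grant FILE, `mysql -B -e "SELECT ..." snort > snort_events.tsv` from the shell gives the same rows tab-separated. Second, do the conversion on the MySQL side as above rather than shipping the raw ip_src/ip_dst integers: Access has no INET_NTOA equivalent, and its Long Integer type is a signed 32-bit value, so any address at or above 128.0.0.0 would not fit once imported.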

-----Original Message-----
From: Graham, Randy (RAW) [mailto:RAW () y12 doe gov]
Sent: Friday, February 08, 2002 1:59 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort and M$ Access?????


Sorry, but I'm forced to ask this...

I have recently gotten Snort 1.8.3 running with mysql and ACID 0.9.6b19 on a
couple of RedHat 7.2 boxen (I know, Marty - I'm working on learning *BSD
well enough to correct the error of my ways).  Everything is working great,
and I love it.  Today, the bosses come to me and ask if we can make Snort
output to an Access database instead.  Knowing where this is going, I try to
fend it off by telling a little lie about what databases Snort supports
(mysql and postgres only).  So, they ask about dumping the mysql database
info into an Access file or flat text so Access can read it in.  Apparently,
they want to store the data on our "more secure" Win2k server.  Keep in mind
that these are the same people who won't let me use open source software
because someone might have compiled a trojan in to the source I'm
downloading...

Anyway, what I really need to know is, does there exist some tool that will
allow for "easy" (meaning little work for me, and I don't care how much work
for others) migration/transport of the mysql database info from my Linux
machine to their Win2K box?  If so, does there exist a tool to pull that
info back out in a usable format - something comparable to ACID or
SnortSnarf?

I don't even know what else to ask, because I'm still flat on my back from
effectively being told that my Linux machine (which only has ssh and the
stunnel connection for mysql input from other sensors open) is not as secure
as their Win2K machine (which acts as the department print and file server,
and had IIS running unbeknownst to our admin for 6+ months until we
discovered it in a routine scan before Christmas).  As I understand more
what the bosses want, I may be back with more questions.

Oh yeah, and I may be slightly biased against the M$ based solution, but if
someone can show me a good way to do this with an M$ OS and an M$ database,
I'll at least seriously consider it.

Randy Graham
-- 
The Internet?  Bah!  Is that thing still around?  -- Homer Simpson
http://www.securitynewbie.com/ - for people like me

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
