Snort mailing list archives

How does one print out summary of unique addresses.


From: "Raymond Jacob" <jacob_raymond () hotmail com>
Date: Mon, 08 Apr 2002 17:45:00 +0000

I am trying to determine all the source IP addresses
that are not on my network that generated alerts over
a 72-hour period. I have no problem doing this. Next,
I determine all of the unique IP addresses that generated
alerts based on my previous query. Lastly, I want to
email the first 5 pages of this list to my account
to go through the ones with the highest hits
individually. Question: How do I capture the
results of the subquery for all unique IP addresses
that generated alerts?

I already know the copy, paste, next page, repeat
until done method.

As a follow-up, can you construct a query that will
aggregate all of the hits by user-defined subnet mask,
i.e. combine all IPs that belong to the same
network into one output record? For example:

net/address      # of alerts   type of alerts   # of sensor
123.43.0.0/16    300           4                2

Thank you,
Raymond
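
One way to produce the per-network summary asked about above, as an added example that is not part of the original post. It assumes the alerts have already been exported as (timestamp, source IP, signature, sensor id) records; that record layout, the home network 192.168.0.0/16, the function names and the sample rows are all constructed for illustration. A prefix length of 32 yields the per-address hit list instead.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts: (timestamp, source IP, signature, sensor id).
SAMPLE_ALERTS = [
    (datetime(2002, 4, 8, 9, 0), "123.43.1.10", "SCAN nmap TCP", 1),
    (datetime(2002, 4, 8, 9, 5), "123.43.200.7", "SCAN nmap TCP", 2),
    (datetime(2002, 4, 7, 22, 0), "123.43.1.10", "WEB-IIS cmd.exe access", 1),
    (datetime(2002, 4, 8, 10, 0), "198.51.100.20", "ICMP PING NMAP", 1),
    (datetime(2002, 4, 8, 11, 0), "192.168.1.5", "ICMP PING NMAP", 1),  # home net
    (datetime(2002, 4, 1, 11, 0), "123.43.9.9", "SCAN nmap TCP", 2),  # too old
]

def summarize_by_subnet(alerts, home_net, prefix_len, now, hours=72):
    """Return (network, alerts, distinct signatures, distinct sensors) rows
    for external sources seen in the last `hours`, busiest network first."""
    home = ipaddress.ip_network(home_net)
    cutoff = now - timedelta(hours=hours)
    stats = defaultdict(lambda: {"alerts": 0, "sigs": set(), "sensors": set()})
    for ts, src, sig, sensor in alerts:
        addr = ipaddress.ip_address(src)
        if ts < cutoff or addr in home:
            continue  # outside the time window, or one of our own hosts
        # Mask the address down to the user-defined prefix length.
        net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
        row = stats[net]
        row["alerts"] += 1
        row["sigs"].add(sig)
        row["sensors"].add(sensor)
    rows = [(str(n), r["alerts"], len(r["sigs"]), len(r["sensors"]))
            for n, r in stats.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

def format_report(rows, limit=None):
    """Render the top `limit` rows as plain text, e.g. for an e-mail body."""
    lines = ["%-20s %8s %6s %8s" % ("net/address", "alerts", "types", "sensors")]
    for net, count, sigs, sensors in rows[:limit]:
        lines.append("%-20s %8d %6d %8d" % (net, count, sigs, sensors))
    return "\n".join(lines)

if __name__ == "__main__":
    now = datetime(2002, 4, 8, 17, 45)  # constructed "current time"
    rows = summarize_by_subnet(SAMPLE_ALERTS, "192.168.0.0/16", 16, now)
    print(format_report(rows))
```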

