Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Executing SQL (postgresql) to get results?

From: Kevin Brown <Kevin.M.Brown () asu edu>
Date: Fri, 04 Oct 2002 13:12:26 -0700
 The ip address are store in the database as one number rather than four
octets of numbers as in the pre-100 schema.  I know there is functions in
MySQL to do the conversion back to a dotted octet, but don't know about
Postgres.

e.g. 120.210.140.16 would be store in the database as:

120 * 256^3 + 210 * 256^2 + 140 * 256 + 16 = 2027064336

-----Original Message-----
From: Sloan Bowman
To: Snort Users List
Sent: 10/4/02 9:07 AM
Subject: [Snort-users] Executing SQL (postgresql) to get results?

I am wanting to create a view in postgresql to show me the signature
ipsrc 
ipdst and timestamp and I can' figure out how I would do this with the
way 
the database is currently setup. I see no reference to any ip addresses 
anywhere in the database. The reason I am wanting to do this is because
I 
am currently using ACID and its slow as Christmas archiving and deleting

data from the database. I want to use EXPLAIN to test out why this is
the 
case. Thanks again.



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: