Snort mailing list archives

Re: mostly an (my)sql question.


From: "Roman Danyliw" <roman () danyliw com>
Date: Mon, 1 Mar 2004 18:37:23 -0500 (EST)

Try the following:

SELECT event.cid, inet_ntoa(ip_src), inet_ntoa(ip_dst), sig_name 
FROM event
LEFT JOIN iphdr ON event.cid = iphdr.cid AND event.sid = iphdr.sid
LEFT JOIN signature ON event.signature = signature.sig_id
WHERE event.cid > 0 AND iphdr.cid = event.cid
LIMIT 500 

Roman

On Mon, 1 Mar 2004 11:28:04 -0600, John <strgout () unixjunkie com> wrote :

I've just started learning SQL, and was wondering if
someone could give me a hand. I'm using perl-dbi for
queries.

At the moment, this is what my SQL statement looks like.

SELECT event.cid,inet_ntoa(ip_src),inet_ntoa(ip_dst)
                        FROM event,iphdr
                        WHERE event.cid > 0
                        AND iphdr.cid = event.cid
                        LIMIT 500 

That much works fine; it prints events 1-500. However, I
can't seem to figure out how to link the signature table
into this. I've tried many (bad :) ) things, and the end
result is a query that never ends most of the time, or
event.cid goes from 1,6,10,etc,etc

So let's say I also want to print the priority of the
event, how would I add that?


-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
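
An added example, not part of the original thread: constructed rows in Python's sqlite3 (a stand-in for MySQL, with inet_ntoa registered by hand) show why the join needs both sid and cid, and how the priority asked about can be read from the signature table. The sig_priority column is assumed from the stock Snort database schema; the signature names and addresses are constructed.

```python
import ipaddress
import sqlite3

# Constructed sample data in the layout of Snort's event/iphdr/signature tables.
# Two sensors (sid 1 and 2) reuse the same cid values, as separate sensors do.
SCHEMA = """
CREATE TABLE event     (sid INT, cid INT, signature INT, PRIMARY KEY (sid, cid));
CREATE TABLE iphdr     (sid INT, cid INT, ip_src INT, ip_dst INT, PRIMARY KEY (sid, cid));
CREATE TABLE signature (sig_id INT PRIMARY KEY, sig_name TEXT, sig_priority INT);
INSERT INTO signature VALUES (1, 'sample ping sweep', 2), (2, 'sample web attack', 1);
INSERT INTO event VALUES (1, 1, 1), (1, 2, 2), (2, 1, 2), (2, 2, 1);
INSERT INTO iphdr VALUES (1, 1, 3232235777, 167772161), (1, 2, 3232235778, 167772161),
                         (2, 1, 3232235779, 167772162), (2, 2, 3232235780, 167772162);
"""

# Join on cid alone: each event pairs with the iphdr row of every sensor.
CID_ONLY = """
SELECT event.sid, event.cid, inet_ntoa(ip_src), inet_ntoa(ip_dst)
FROM event, iphdr
WHERE event.cid > 0 AND iphdr.cid = event.cid
"""

# Join on the full (sid, cid) key, then resolve the signature for name and priority.
FULL = """
SELECT event.sid, event.cid, inet_ntoa(ip_src), inet_ntoa(ip_dst), sig_name, sig_priority
FROM event
JOIN iphdr     ON iphdr.sid = event.sid AND iphdr.cid = event.cid
JOIN signature ON signature.sig_id = event.signature
WHERE event.cid > 0
ORDER BY event.sid, event.cid
LIMIT ?
"""

def connect():
    conn = sqlite3.connect(":memory:")
    # SQLite has no inet_ntoa(); register an equivalent for this demonstration.
    conn.create_function("inet_ntoa", 1, lambda n: str(ipaddress.IPv4Address(n)))
    conn.executescript(SCHEMA)
    return conn

def events_cid_only(conn):
    return conn.execute(CID_ONLY).fetchall()

def events_with_priority(conn, limit=500):
    return conn.execute(FULL, (limit,)).fetchall()

if __name__ == "__main__":
    db = connect()
    print(len(events_cid_only(db)), "rows when joining on cid only")
    for row in events_with_priority(db):
        print(row)
```
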




