Re: Barnyard2 output to postgreSQL

[Y M <snort () outlook com>]

> Is this due to HEX encoding?
Databases do not have a dot-decimal notation data type to store IP addresses, instead they are usually stored as 
unsigned integers into the database for achieving small storage footprint and better performance (as opposed to 
strings). In MySQL the conversion between the two notations can be done through the built-in functions INET_NTOA() and 
INET_ATON(). I do not have specific experience with PostgresSQL, but it may have similar functions that you can use in 
your query. There are online conversion tools as well that you can test with.
Hope this helpsYM

> From: Avery.Rozar () i-techsupport com
> To: Avery.Rozar () i-techsupport com; snort-users () lists sourceforge net
> Date: Sat, 24 May 2014 01:42:12 +0000
> Subject: Re: [Snort-users] Barnyard2 output to postgreSQL
>
> Is this due to HEX encoding?
>
> On 5/23/14, 9:25 PM, "Avery Rozar" <Avery.Rozar () i-techsupport com> wrote:
>
> > Is something wrong with my ip info from barnyard2? The ip address are not
> > showing up as standard IPv4 as I¹d thought.
> >
> > csdashboard=# select * from iphdr ;
> > sid | cid |   ip_src   |   ip_dst   | ip_ver | ip_hlen | ip_tos | ip_len
> > | ip_id | ip_flags | ip_off | ip_ttl | ip_proto | ip_csum
> > -----+-----+------------+------------+--------+---------+--------+--------
> > +-------+----------+--------+--------+----------+---------
> >   1 |   1 | 2886730039 | 2887777037 |      4 |       5 |      0 |    663
> > |  4063 |        0 |      0 |     64 |        6 |   54285
> >   1 |   2 | 2886730039 | 2887777037 |      4 |       5 |      0 |    663
> > | 28735 |        0 |      0 |     64 |        6 |   29613
> >   1 |   3 | 1815870597 | 2887777037 |      4 |       5 |      0 |    419
> > | 51507 |        0 |      0 |     60 |        6 |   25651
> >
> > --------------------------------------------------------------------------
> > ----
> > "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
> > Instantly run your Selenium tests across 300+ browser/OS combos.
> > Get unparalleled scalability from the best Selenium testing platform
> > available
> > Simple to use. Nothing to install. Get started now for free."
> > http://p.sf.net/sfu/SauceLabs
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest
> > Snort news!
>
>
> ------------------------------------------------------------------------------
> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
> Instantly run your Selenium tests across 300+ browser/OS combos.
> Get unparalleled scalability from the best Selenium testing platform available
> Simple to use. Nothing to install. Get started now for free."
> http://p.sf.net/sfu/SauceLabs
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.
Get unparalleled scalability from the best Selenium testing platform available
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!