Snort mailing list archives
Re: Barnyard2 output to postgreSQL
From: beenph <beenph () gmail com>
Date: Sat, 24 May 2014 13:26:10 -0400
You will need to cast the value and use a built-in function if you want them to be displayed in dotted notation.

http://www.postgresql.org/docs/9.3/static/datatype-net-types.html
http://www.postgresql.org/docs/9.3/static/typeconv-func.html

cast to cidr

And use the function
http://www.postgresql.org/docs/9.3/static/functions-net.html

ex:
select ('0x' || lpad(to_hex(ip_src),8,'0'))::cidr from iphdr limit 1;

But you could also build your own function/proc that would do it, but in the end you better handle that at the front-end and build your queries according to host ordered integer for network addresses.

-elz

On Fri, May 23, 2014 at 9:25 PM, Avery Rozar <Avery.Rozar () i-techsupport com> wrote:
Is something wrong with my IP info from barnyard2? The IP addresses are not showing up as standard IPv4 as I’d thought.

csdashboard=# select * from iphdr ;
 sid | cid |   ip_src   |   ip_dst   | ip_ver | ip_hlen | ip_tos | ip_len | ip_id | ip_flags | ip_off | ip_ttl | ip_proto | ip_csum
-----+-----+------------+------------+--------+---------+--------+--------+-------+----------+--------+--------+----------+---------
   1 |   1 | 2886730039 | 2887777037 |      4 |       5 |      0 |    663 |  4063 |        0 |      0 |     64 |        6 |   54285
   1 |   2 | 2886730039 | 2887777037 |      4 |       5 |      0 |    663 | 28735 |        0 |      0 |     64 |        6 |   29613
   1 |   3 | 1815870597 | 2887777037 |      4 |       5 |      0 |    419 | 51507 |        0 |      0 |     60 |        6 |   25651

------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.
Get unparalleled scalability from the best Selenium testing platform available
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!