1) Don't use ACID. Use BASE if you wish to maintain that
functionality. base.secureideas.net
2) Don't have Snort writing directly to DB. Please look into Barnyard.
Joel
On Nov 9, 2007, at 2:43 PM, dhottinger@harrisonburg.k12.va.us wrote:
--- cut ---
#!/usr/bin/perl
use strict;
sub hex_to_ascii ($)
{
(my $str = shift) =~ s/([a-fA-F0-9]{2})/chr(hex $1)/eg;
return $str;
}
my $str;
while ($str=<STDIN>)
{
my $a_str = hex_to_ascii $str;
print "\n\nASCII Output:\n";
print $a_str;
}
--- paste ---
PaulM
Thanks,
I use ACID for my alerts. Snort with --mysql option. Snort version
2.8.0. I'll send the payload to you then.
--
Dwayne Hottinger
Network Administrator
Harrisonburg City Public Schools
"rarely do people communicate, they just take turns talking"
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a
browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
