從snort 的mysql 中撈出所需的資料

select signature.sig_name,event.timestamp,inet_ntoa(iphdr.ip_src),inet_ntoa(iphdr.ip_dst) FROM iphdr,event,signature where inet_ntoa(iphdr.ip_dst)="1.1.1.1" and iphdr.cid=event.cid and event.signature=signature.sig_id;

snort table schema