When BASE displays an IP and its DNS name,
where does it resolve the IP address in the alert?
Does Snort resolve it and store it in MySQL?
Or do they get resolved as they get displayed in BASE?
If it's BASE, then is it on the Snort server by Apache or on the client machine?
It is BASE that tries to resolve the IP address. And PHP code is generally executed on the web server (Apache).
Cf. baseGetHostByAddr() in includes/base_net.inc.php.