This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

SQL Database Store

0

A similar question was asked in 10/2011 so I'll test the waters again to see if anything has changed since then.
Has an extension or plugin been developed that supports taking filtered packets and storing them directly into a database (yes, the schema would need to be compatible with the export)? I have tested the C5 Sigma code and while it works well, the latency incurred in creating a PCAPNG file, closing the file while opening another PCAPNG file, then launching the C5 Sigma to store the data plus the complexity of writing O/S script code to orchestrate this process on a continuing basis doesn't fit well with the intended application. If not, is there an API that supports exporting the capture (preferably a pre/post-cap filtered) that can be programmatically (preferably late binding) accessed to perform this store?

asked 13 Feb '13, 10:49

r772

edited 13 Feb '13, 10:50

A similar question was asked in 10/2011

Can you please post the link to that question?

(13 Feb '13, 11:11) Kurt Knochner ♦

Is this asking for a tap somehow?

(13 Feb '13, 12:20) Jaap ♦

One Answer:

0

I recommend looking at some of these projects.

https://labs.ripe.net/Members/wnagele/large-scale-pcap-data-analysis-using-apache-hadoop
http://code.google.com/p/pcap2sql/
http://www.commandfive.com/downloads/c5sigma.html (you mentioned it already)

Regards
Kurt

answered 13 Feb '13, 13:07

Kurt Knochner ♦