Snort mailing list archives
Re: Output Plugin writing
From: eschnei () CLEMSON EDU
Date: Thu, 26 Apr 2007 16:09:00 -0400 (EDT)
I have looked at the ruletypes, and that was what I was using at first. The only problem is I need to pull out data from the packet and format it for our own reporting system, that is pike delimited. Brian
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Have you ever looked at the custom output options? Search for the word "redalert" in your snort.conf. +---------------------------------------------------------------------+ Joel Esler Security Consultant gpg key: http://demo.sourcefire.com/jesler.pgp.key +---------------------------------------------------------------------+ On Apr 26, 2007, at 3:19 PM, eschnei () CLEMSON EDU wrote:Hi, I am a new snort user, I've been able to write some customized rules and look at different output options snort provides as a default. I want to have it only called when I hit my customized rules, and then based on the rule it hits and the attributes for the rule, I want the alert and packet data written to a specific file that isn't the alert file the other snort rules use. That being said, I am having trouble setting up the plugin, the different functions that need to be inside of it so snort can use it. Does anybody have a good template I might be able to use? Thanks for your help. Brian ---------------------------------------------------------------------- --- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iD8DBQFGMP0QKbCSyXHckt4RArjDAJ0YHgGKr5xrHOxoeGJUc8n6CIQBxwCgnIML 37PKoHN01z34lx7mv3TFFM4= =ca9c -----END PGP SIGNATURE-----
------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Output Plugin writing eschnei (Apr 26)
- Re: Output Plugin writing Joel Esler (Apr 26)
- Re: Output Plugin writing eschnei (Apr 26)
- Message not available
- Re: Output Plugin writing Jason Brvenik (Apr 26)
- Re: Output Plugin writing eschnei (Apr 27)
- Re: Output Plugin writing Jason Brvenik (Apr 27)
- Re: Output Plugin writing eschnei (Apr 26)
- Re: Output Plugin writing Joel Esler (Apr 26)