Snort mailing list archives
Re: How to use alertAdd to generate a "variable" alert message?
From: Hai Minh Nguyen <lightsea90 () gmail com>
Date: Tue, 28 May 2013 01:49:43 +0700
Help me, please!

On Sat, May 25, 2013 at 11:16 PM, Hai Minh Nguyen <lightsea90 () gmail com> wrote:

> Hi,
>
> I'm using _dpd.alertAdd to raise an alert in my dynamic preprocessor. But I face a problem: I ran this code:
>
>     char alert[256];
>     double score = MyFunction();
>     sprintf(alert, "Alert: Score = %lf", score);
>     _dpd.alertAdd(DPX_GID, DPX_DST_SID, 1, 0, 3, alert, 0);
>
> I'm using 2 output modules to check it: alert_fast and unified2 (to mysql by barnyard2). I checked the result in the alert_fast output file but it didn't show the correct alert message (e.g. Alert: Score = 10.00000)! In fact, the message contains special characters. For the mysql database, barnyard2 can't save the alert with the message, so it saves it as "Snort: Alert"; it noted that the trouble is with sid-msg.map and gen-msg.map.
>
> Could you please tell me how to solve my problem? How can I get the correct message and save the alert with it in the Snort database?
>
> --
> Sword Demon Độc Cô Cầu Bại - Oh, a glorious life, wishing only to be defeated once, yet no one has lasted beyond three moves!!!

--
Sword Demon Độc Cô Cầu Bại - Oh, a glorious life, wishing only to be defeated once, yet no one has lasted beyond three moves!!!
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!