Snort mailing list archives
Re: How to use alertAdd to generate a "variable" alert message?
From: Hai Minh Nguyen <lightsea90 () gmail com>
Date: Fri, 31 May 2013 13:40:58 +0700
Thanks, Russ! :) Solved!

On Tue, May 28, 2013 at 9:44 AM, Russ Combs <rcombs () sourcefire com> wrote:

> On Mon, May 27, 2013 at 2:49 PM, Hai Minh Nguyen <lightsea90 () gmail com> wrote:
>
>> Help me, please!
>>
>> On Sat, May 25, 2013 at 11:16 PM, Hai Minh Nguyen <lightsea90 () gmail com> wrote:
>>
>>> Hi,
>>> I'm using _dpd.alertAdd to raise an alert in my dynamic preprocessor. But
>>> I face a problem. I ran this code:
>>>
>>>     char alert[256];
>>>     double score = MyFunction();
>>>     sprintf(alert, "Alert: Score = %lf", score);
>>>     _dpd.alertAdd(DPX_GID, DPX_DST_SID, 1, 0, 3, alert, 0);
>>>
>>> I'm using 2 output modules to check it: alert_fast and unified2 (to mysql
>>> by barnyard2). I checked the result in the alert_fast output file but it
>>> didn't show the correct alert message (e.g. Alert: Score = 10.00000)! In
>>> fact, the message contains special characters.
>
> If by "special characters" you mean something other than what you put in
> your alert[] buffer, you need to make alert[] static or declare it outside
> of your function. Only the pointer to alert[] is actually queued.
>
> Note that alertAdd() does not consume your data before returning. It is
> queued for later use. If you allow other such alerts to fire at the same
> time, you will need multiple buffers too.
>
>>> For mysql database, barnyard2 can't save the alert with the message so it
>>> saves as "Snort: Alert", it noticed that the trouble is of sid-msg.map
>>> and gen-msg.map.
>>>
>>> Could you please tell me how to solve my problem? How can I get the
>>> correct message and save the alert with it on Snort database?
-- Sword Demon Độc Cô Cầu Bại - Oh, a glorious life, wishing only to be defeated once, yet no one has ever lasted past three moves!!!
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
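
The buffer-lifetime point from the reply above, as an added example that is not code from the thread or from Snort: `queue_alert` and `drain` are hypothetical stand-ins for `_dpd.alertAdd` and the later output stage, and the scores are constructed. It shows why one static buffer is not enough when two alerts are pending, and a ring of static buffers that fixes it.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical stand-in for the alert queue: as the reply describes for
 * alertAdd(), it keeps only the pointer and the text is read later. */
#define MAX_QUEUED 8
#define MSG_LEN 256
static const char *queued[MAX_QUEUED];
static int n_queued;

static void queue_alert(const char *msg) {
    if (n_queued < MAX_QUEUED) queued[n_queued++] = msg;  /* pointer only, no copy */
}

/* Hypothetical output stage: reads the queued text after the callers returned. */
static int drain(char out[][MSG_LEN]) {
    int n = n_queued;
    for (int i = 0; i < n; i++)
        snprintf(out[i], MSG_LEN, "%s", queued[i]);
    n_queued = 0;
    return n;
}

/* One static buffer outlives the call (a stack array would not), but a
 * second alert queued before the drain overwrites the first message. */
static void alert_single_buffer(double score) {
    static char buf[MSG_LEN];
    snprintf(buf, sizeof(buf), "Alert: Score = %f", score);
    queue_alert(buf);
}

/* Ring of static buffers: up to ALERT_SLOTS alerts may be pending at once.
 * Size it for the most alerts queued between two drains (an assumption here). */
#define ALERT_SLOTS 4
static void alert_ring_buffer(double score) {
    static char ring[ALERT_SLOTS][MSG_LEN];
    static unsigned next;
    char *buf = ring[next++ % ALERT_SLOTS];
    snprintf(buf, MSG_LEN, "Alert: Score = %f", score);  /* bounded, unlike sprintf */
    queue_alert(buf);
}

int main(void) {
    char out[MAX_QUEUED][MSG_LEN];
    alert_single_buffer(10.0); alert_single_buffer(42.5);
    drain(out);
    printf("single: [%s] [%s] same=%d\n", out[0], out[1], strcmp(out[0], out[1]) == 0);
    alert_ring_buffer(10.0); alert_ring_buffer(42.5);
    drain(out);
    printf("ring:   [%s] [%s] same=%d\n", out[0], out[1], strcmp(out[0], out[1]) == 0);
}
```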