Snort mailing list archives
Re: [Snort-user] how to get input for snort rules
From: zT <zzahra88 () gmail com>
Date: Sat, 31 Jan 2015 14:22:13 +0330
I found the answer to the second question: just add NULL to the function call and it will be solved.

On Fri, Jan 30, 2015 at 12:22 AM, zT <zzahra88 () gmail com> wrote:
Hello all, I have 2 questions:

1- I want to write a rule that gets a keyword from the terminal and matches it against packet content. For this I am trying to use a dynamic module. Is this the right approach, or can I try an easy way? :(

2- When I try to test a dynamic rule, this happens: I am testing the example about dynamic modules from snortIDS&IPS TOOLKIT.pdf. I copied the code from that file and got this error in my InnerWorkingsDynamicRules:

    InnerWorkingsDynamicRules.c:48:2: error: too few arguments to function ‘RegisterRules’

And this is the content of that file:

    extern Rule sid109;
    extern Rule sid637;
    extern Rule Rule2329;

    Rule *rules[] = { &sid109, &sid637, &Rule2329, NULL };

    int InitializeDetection()
    {
        return RegisterRules(rules);
    }

I'm really confused. rules is an array of rules, and this code is the same as the code in snort IDS&IPS TOOLKIT.pdf. What is going wrong in this code?

Thanks & Regards