Snort mailing list archives

Extending unified2 output with custom information from dynamic preprocessor


From: Jan Hermes <jan.hermes () hotmail de>
Date: Sat, 2 Sep 2017 07:46:26 +0000

Hello,

I developed a dynamic preprocessor that extracts custom, important
information out of network packets that is not included in the
unified2 output.

Under the following assumptions:

- There is a fully working dynamic preprocessor SNIFF that works on a
new network protocol
- I wrote a rule that makes SNIFF trigger a Snort alert with a custom
message if a specified source name was matched.
- The message is of the form ** (...) sourcename -> destname
etc...**; it gets created in the SNIFF preprocessor and added to the
alert message.
- Normal console alerts or alert.log show this additional
information.
- The unified2 output, with its specified information in different
variables, does not show any of this additional alert message
information.

Is there a way to add new information to the unified2 output? If yes,
can you point me towards a specific direction?

Thanks and Greetings
Jan
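Added example, not code from the original post or from Snort itself: a small unified2 reader that walks the record stream and shows which record carries what. The point it illustrates is that a unified2 event record is a fixed-layout struct (sensor/event ids, gid/sid/rev, addresses, ports) with no free-text message at all; the text seen in console alerts is produced by the output plugin, and unified2 consumers rebuild it from the rule's msg via sid-msg.map. Variable-length data that Snort's own preprocessors attach to an event (HTTP URI, hostname, XFF address) travels in a separate extra-data record keyed by (sensor_id, event_id, event_second). The struct layouts and numeric constants below are taken from Snort 2.9's Unified2_common.h as assumed here; verify them against the header in your own source tree. The sample stream is constructed inline.

```python
"""Walk a unified2 byte stream and correlate extra-data blobs with their event."""
import struct

# Record types and field values (assumed from Snort's Unified2_common.h).
UNIFIED2_IDS_EVENT = 7          # legacy IPv4 event, 52-byte body
UNIFIED2_EXTRA_DATA = 110       # variable-length blob tied to an event
EVENT_TYPE_EXTRA_DATA = 4       # Unified2ExtraDataHdr.event_type (assumed)
EVENT_DATA_TYPE_BLOB = 1        # Unified2ExtraData.data_type for opaque bytes
EVENT_INFO_HTTP_URI = 9         # extra-data "type" values used by http_inspect
EVENT_INFO_HTTP_HOSTNAME = 10

RECORD_HDR = struct.Struct("!II")       # type, length (length excludes this header)
IDS_EVENT = struct.Struct("!11I2H4B")   # Unified2IDSEvent, 52 bytes, no message text
EXTRA_DATA_HDR = struct.Struct("!II")   # event_type, event_length
EXTRA_DATA = struct.Struct("!6I")       # sensor_id, event_id, event_second, type, data_type, blob_length


def ipv4_str(n):
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))


def build_ids_event(sensor_id, event_id, event_second, sid, gid, rev,
                    src_ip, dst_ip, sport, dport, proto):
    """Serialize one UNIFIED2_IDS_EVENT record (used only to build sample input)."""
    body = IDS_EVENT.pack(sensor_id, event_id, event_second, 0,   # event_microsecond
                          sid, gid, rev, 0, 3,                    # classification_id, priority_id
                          src_ip, dst_ip, sport, dport, proto,
                          0, 0, 0)                                # impact_flag, impact, blocked
    return RECORD_HDR.pack(UNIFIED2_IDS_EVENT, len(body)) + body


def build_extra_data(sensor_id, event_id, event_second, info_type, blob):
    """Serialize one UNIFIED2_EXTRA_DATA record carrying an opaque blob."""
    # blob_length counts the blob plus the data_type and blob_length words.
    body = EXTRA_DATA.pack(sensor_id, event_id, event_second, info_type,
                           EVENT_DATA_TYPE_BLOB, len(blob) + 8) + blob
    body = EXTRA_DATA_HDR.pack(EVENT_TYPE_EXTRA_DATA, EXTRA_DATA_HDR.size + len(body)) + body
    return RECORD_HDR.pack(UNIFIED2_EXTRA_DATA, len(body)) + body


def iter_records(data):
    """Yield (type, body) per record; refuse to read past a truncated tail."""
    off = 0
    while off + RECORD_HDR.size <= len(data):
        rtype, rlen = RECORD_HDR.unpack_from(data, off)
        off += RECORD_HDR.size
        if off + rlen > len(data):
            raise ValueError("truncated record at offset %d" % (off - RECORD_HDR.size))
        yield rtype, data[off:off + rlen]
        off += rlen


def parse_record(rtype, body):
    if rtype == UNIFIED2_IDS_EVENT:
        f = IDS_EVENT.unpack_from(body, 0)
        return {"kind": "event", "key": (f[0], f[1], f[2]),
                "gid": f[5], "sid": f[4], "rev": f[6],
                "src": ipv4_str(f[9]), "dst": ipv4_str(f[10]),
                "sport": f[11], "dport": f[12]}
    if rtype == UNIFIED2_EXTRA_DATA:
        f = EXTRA_DATA.unpack_from(body, EXTRA_DATA_HDR.size)
        sensor_id, event_id, event_second, info_type, _data_type, blob_length = f
        start = EXTRA_DATA_HDR.size + EXTRA_DATA.size
        blob = body[start:start + blob_length - 8]
        return {"kind": "extra", "key": (sensor_id, event_id, event_second),
                "type": info_type, "blob": blob}
    return {"kind": "other", "type": rtype, "length": len(body)}


def attach_extra_data(data):
    """Group extra-data blobs under the event they belong to."""
    events = {}
    for rtype, body in iter_records(data):
        rec = parse_record(rtype, body)
        if rec["kind"] == "event":
            events[rec["key"]] = dict(rec, extras=[])
        elif rec["kind"] == "extra":
            # An extra-data record may precede or outlive its event; keep a placeholder.
            ev = events.setdefault(rec["key"], {"kind": "event", "key": rec["key"], "extras": []})
            ev["extras"].append((rec["type"], rec["blob"]))
    return events


# Constructed sample stream: one event plus two extra-data records for it.
SAMPLE = (
    build_ids_event(1, 42, 1504336000, sid=1000001, gid=1, rev=1,
                    src_ip=0x0A000001, dst_ip=0x0A000002, sport=49152, dport=80, proto=6)
    + build_extra_data(1, 42, 1504336000, EVENT_INFO_HTTP_HOSTNAME, b"example.test")
    + build_extra_data(1, 42, 1504336000, EVENT_INFO_HTTP_URI, b"/index.html")
)

if __name__ == "__main__":
    for key, ev in attach_extra_data(SAMPLE).items():
        print(key, "gid:sid:rev", ev.get("gid"), ev.get("sid"), ev.get("rev"),
              ev.get("src"), "->", ev.get("dst"))
        for info_type, blob in ev["extras"]:
            print("  extra type", info_type, blob)
```

Run it as a script to see that the event record yields only numeric fields, while the hostname and URI come back as blobs correlated by the three-part key; a consumer that does not understand a given extra-data type still skips the record safely because every record is length-prefixed.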

_______________________________________________
Snort-devel mailing list
Snort-devel () lists snort org
https://lists.snort.org/mailman/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
