Snort mailing list archives

Re: How get list of valid app names for appids rule option.


From: Russ via Snort-users <snort-users () lists snort org>
Date: Fri, 5 Oct 2018 17:26:08 -0400

I'm not surprised.  :)

But we need more info.

On 10/5/18 4:50 PM, Diddi amiibiai via Snort-users wrote:
I work on Windows 7, I need help.

On Fri, Oct 5, 2018 at 17:39, Meridoff via Snort-users <snort-users () lists snort org <mailto:snort-users () lists snort org>> wrote:

    Cool, thanks!

    On Thu, Oct 4, 2018 at 21:32, Mike Stepanek (mstepane)
    <mstepane () cisco com <mailto:mstepane () cisco com>> wrote:

        It would actually be preferable to use the 2nd column in
        appMapping.data (the "pretty" name; the one with caps and
        spaces and whatnot). We used to use the last column years ago,
        but we've since then standardized on the 2nd column.
        Internally, there's a bit of normalization that happens (lower
        case, underscores, etc) for a bit of backward compatibility...
        and they match MOST of the time. I would recommend, though,
        sticking with the 2nd column.

        - Mike Stepanek

        *From: *Snort-users <snort-users-bounces () lists snort org
        <mailto:snort-users-bounces () lists snort org>> on behalf of
        Andy Swartzbaugh via Snort-users <Snort-users () lists snort org
        <mailto:Snort-users () lists snort org>>
        *Reply-To: *Andy Swartzbaugh <andy.swartzbaugh () gmail com
        <mailto:andy.swartzbaugh () gmail com>>
        *Date: *Thursday, October 4, 2018 at 10:26 AM
        *To: *Meridoff <oagvozd () gmail com <mailto:oagvozd () gmail com>>
        *Cc: *"Snort-users () lists snort org
        <mailto:Snort-users () lists snort org>"
        <Snort-users () lists snort org <mailto:Snort-users () lists snort org>>
        *Subject: *Re: [Snort-users] How get list of valid app names
        for appids rule option.

        I believe that the last column of the
        'src/network_inspectors/appid/odp/appMapping.data' file will
        give you what you need.

        With the following snort.lua configuration element:

        appid =
        {
            debug = true,
        }

        You only get the following appid-specific debug information
        from the executable (which unfortunately does not include the
        list of appid names):

        AppId Lua-Detector Stats: instance 0, odp detectors 0, custom
        detectors 0, total memory 33 kb

        On Thu, Oct 4, 2018 at 7:21 AM Meridoff via Snort-users
        <snort-users () lists snort org
        <mailto:snort-users () lists snort org>> wrote:

            Hello,

            subj.

            For snort++.

            What is the simplest way to get valid names that can be
            used in appids rules option?

            I have the ODP dir with lua odp modules, do I need to parse
            them to get names? The valid name is the
            DetectorPackageInfo.name field?

            Thanks

            _______________________________________________
            Snort-users mailing list
            Snort-users () lists snort org
            <mailto:Snort-users () lists snort org>
            Go to this URL to change user options or unsubscribe:
            https://lists.snort.org/mailman/listinfo/snort-users

                    To unsubscribe, send an email to:
            snort-users-leave () lists snort org
            <mailto:snort-users-leave () lists snort org>

            Please visit http://blog.snort.org to stay current on all
            the latest Snort news!

            Please follow these rules:
            https://snort.org/faq/what-is-the-mailing-list-etiquette

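Added example, not part of the thread or of Snort's own code: a small parser that lists the 2nd-column ("pretty") names from appMapping.data-style text and reports rows where the last column differs from the normalized 2nd column. The tab-separated layout, the exact normalization rule, the function names and the sample rows are assumptions made for illustration.

```python
import csv
import io
import re
import sys

# Constructed sample rows, not copied from a real appMapping.data.
# Assumed layout: tab-separated, numeric id first, "pretty" name in
# column 2, legacy short name in the last column.
SAMPLE = (
    "1\tExample Web\t1\t0\t0\texample_web\n"
    "2\tExample Chat Pro\t0\t2\t0\texample_chat_pro\n"
    "3\tAcme File-Share\t0\t0\t3\tacme_fileshare\n"
    "\n"
    "malformed line without tabs\n"
)

def normalize(name):
    # Assumed approximation of the internal normalization mentioned in the
    # thread: lower-case, non-alphanumeric runs collapsed to one underscore.
    return re.sub(r"[^a-z0-9]+", "_", name.strip().lower()).strip("_")

def load_app_names(stream):
    """Return (pretty_names, mismatches) from appMapping.data-style text."""
    names, mismatches = [], []
    for row in csv.reader(stream, delimiter="\t", quoting=csv.QUOTE_NONE):
        if len(row) < 3 or not row[0].strip().isdigit():
            continue  # skip blank or malformed lines
        pretty, legacy = row[1].strip(), row[-1].strip()
        names.append(pretty)
        # Rows where the two columns disagree after normalization are the
        # ones where a rule written from the last column may not match.
        if normalize(pretty) != legacy.lower():
            mismatches.append((pretty, legacy))
    return names, mismatches

def load_sample():
    # Parse the constructed sample above.
    return load_app_names(io.StringIO(SAMPLE))

if __name__ == "__main__":
    # Usage: script.py [path/to/appMapping.data]; falls back to the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], newline="", encoding="utf-8", errors="replace") as fh:
            names, mismatches = load_app_names(fh)
    else:
        names, mismatches = load_sample()
    print("\n".join(names))
    for pretty, legacy in mismatches:
        print(f"mismatch: {pretty!r} vs {legacy!r}", file=sys.stderr)
```

Run it against your own ODP copy of appMapping.data and check any reported mismatches before reusing old rules that were written from the last column.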
