Re: Preprocessor Event Documentation

[Nigel Houghton <nhoughton () sourcefire com>]

On Wed, Aug 19, 2009 at 4:40 PM, John Duksta<jduksta () gmail com> wrote:
> Does any useful documentation of the preprocessor events exist?
> I've never seen any and I could really use some for my SOC analysts.
>
> Thanks,
> -j
>
>
> --
> John Duksta <jduksta () gmail com>
> Can't sleep, clowns will eat me.
>
> ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
> trial. Simplify your report design, integration and deployment - and focus on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


The preprocessor event docs can be found in the rules tarball with all
the other rule event docs. The format for the filenames is
GID-SID.txt.

-- 
Nigel Houghton
Head Mentalist
SF VRT
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users