Snort mailing list archives
Re: [Dynamic Preprocessor] How to log packet and output alert: genSnortEvent or alertAdd?
From: Russ Combs <rcombs () sourcefire com>
Date: Wed, 22 May 2013 14:25:25 -0400
On Mon, May 20, 2013 at 5:23 AM, Hai Minh Nguyen <lightsea90 () gmail com> wrote:
Hi, I'm developing a dynamic preprocessor by DPX. After processing a packet, I might generate an alert and log that packet for later analysis if I find it abnormal. My problem: I found 2 members of the DynamicPreprocessorData struct: alertAdd and genSnortEvent. I supposed those could help me. But I don't understand the difference between the 2 members yet. Which of them should I choose for my purpose? If you know any other way, feel free to raise your idea.
Use alertAdd() to raise the alert. Check dpx.c for an example.
BRs,
--
Sword Demon Độc Cô Cầu Bại - Oh, a glorious life, wishing only to be defeated once, yet no one has ever lasted past three moves!!!
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- [Dynamic Preprocessor] How to log packet and output alert: genSnortEvent or alertAdd? Hai Minh Nguyen (May 20)
- Re: [Dynamic Preprocessor] How to log packet and output alert: genSnortEvent or alertAdd? Russ Combs (May 22)
- Re: [Dynamic Preprocessor] How to log packet and output alert: genSnortEvent or alertAdd? Hai Minh Nguyen (May 25)
- Re: [Dynamic Preprocessor] How to log packet and output alert: genSnortEvent or alertAdd? Russ Combs (May 22)