Writing a snort rule with dynamic message!

[Hamid Reza Hasani <hr.hasani () gmail com>]

Hi all,
I'm not sure whether this question is related to snort-devel mailing list
or not, so sorry if it is not related to this mailing list!
I wonder there is a way (except dynamic rules!) to put some dynamic value
to snort rule's message. I mean for example I want to add payload's length
value to rule message, is it possible?
e.g.: alert ip any any -> any any (msg:"prefix length overflow attempt
(length is %d)", somevalue;)

thanks for your hard work and good product!

------------------------------------------------------------------------------
Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
Discover the easy way to master current and previous Microsoft technologies
and advance your career. Get an incredible 1,500+ hours of step-by-step
tutorial videos with LearnDevNow. Subscribe today and save!
http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!