Snort mailing list archives
Re: Writing a snort rule with dynamic message!
From: Joel Esler <jesler () sourcefire com>
Date: Sat, 31 Aug 2013 09:36:52 -0400
No. That feature is not available at this time. -- Joel Esler Sent from my iPad On Aug 31, 2013, at 2:50 AM, Hamid Reza Hasani <hr.hasani () gmail com> wrote:
Hi all, I'm not sure whether this question is related to snort-devel mailing list or not, so sorry if it is not related to this mailing list! I wonder there is a way (except dynamic rules!) to put some dynamic value to snort rule's message. I mean for example I want to add payload's length value to rule message, is it possible? e.g.: alert ip any any -> any any (msg:"prefix length overflow attempt (length is %d)", somevalue;) thanks for your hard work and good product! ------------------------------------------------------------------------------ Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------ Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Writing a snort rule with dynamic message! Hamid Reza Hasani (Aug 30)
- Re: Writing a snort rule with dynamic message! Joel Esler (Aug 31)