Snort mailing list archives
Re: Dynamic Preprocessor does not alert and capture packet
From: Hui cao <huica () cisco com>
Date: Thu, 09 Jul 2015 09:19:28 -0400
Have you tried dpx? https://www.snort.org/documents/dpx-readme Best, Hui. On 07/09/2015 08:50 AM, Hui cao wrote:
Hi Big Whale,Can you describe in detail what works and what not? Which decoder rule? Have you seen the rule get triggered in your preprocessor? Again, SSH preprocessor has example how to generate a preprocessor alert.Best, Hui. On 07/09/2015 12:46 AM, Big Whale wrote:I already add "config autogenerate_preprocessor_decoder_rules" in my snort.conf file and put the plugin's alerts in the preprocessor.rules and gen-msg.map. But still no alert from my preprocessor. The preprocessor loaded correctly.------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visithttp://blog.snort.org for the latest news about Snort!------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Dynamic Preprocessor does not alert and capture packet Big Whale (Jul 08)
- Re: Dynamic Preprocessor does not alert and capture packet Hui cao (Jul 09)
- Re: Dynamic Preprocessor does not alert and capture packet Hui cao (Jul 09)
- Re: Dynamic Preprocessor does not alert and capture packet Big Whale (Jul 09)
- Re: Dynamic Preprocessor does not alert and capture packet Hui cao (Jul 09)
- Re: Dynamic Preprocessor does not alert and capture packet Big Whale (Jul 09)
- Re: Dynamic Preprocessor does not alert and capture packet Russ (Jul 09)
- Re: Dynamic Preprocessor does not alert and capture packet Big Whale (Jul 09)
- Re: Dynamic Preprocessor does not alert and capture packet Russ (Jul 09)
- Re: Dynamic Preprocessor does not alert and capture packet Hui cao (Jul 09)
- Re: Dynamic Preprocessor does not alert and capture packet Russ (Jul 09)