Snort mailing list archives
Re: Publishing http attributes
From: Russ <rucombs () cisco com>
Date: Tue, 28 Jun 2016 07:17:46 -0400
On 6/28/16 5:26 AM, Akhil Koul wrote:
You need to define new DataEvent subclasses and publish them from the HTTP inspector.HelloFor a project I am working on, I would like to publish http host, version and method so that it is available to subscribers. Currently, only http_raw_uri is published which is subscribed and logged by data_log inspector.I would like the data_log inspector to be able to subscribe to above attributes(or maybe a new inspector which can subscribe to and handle several http attributes).How do I do this? Any help will be appreciated.
Thanks Akhil ------------------------------------------------------------------------------ Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San Francisco, CA to explore cutting-edge tech and listen to tech luminaries present their vision of the future. This family event has something for everyone, including kids. Get more information and register today. http://sdm.link/attshape _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------ Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San Francisco, CA to explore cutting-edge tech and listen to tech luminaries present their vision of the future. This family event has something for everyone, including kids. Get more information and register today. http://sdm.link/attshape
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Publishing http attributes Akhil Koul (Jun 28)
- Re: Publishing http attributes Seshaiah Erugu (serugu) (Jun 28)
- Re: Publishing http attributes Russ (Jun 28)