This is a discussion on Re: [Snort-users] Output Plugin writing within the Snort forums, part of the System Security and Security Related category.
Have you ever looked at the custom output options? Search for the word "redalert" in your snort.conf.

Joel Esler
Security Consultant
gpg key: http://demo.sourcefire.com/jesler.pgp.key

On Apr 26, 2007, at 3:19 PM, eschnei@CLEMSON.EDU wrote:

> Hi,
> I am a new snort user, I've been able to write some customized rules and look at different output options snort provides as a default. I want to have it only called when I hit my customized rules, and then based on the rule it hits and the attributes for the rule, I want the alert and packet data written to a specific file that isn't the alert file the other snort rules use. That being said, I am having trouble setting up the plugin, the different functions that need to be inside of it so snort can use it. Does anybody have a good template I might be able to use? Thanks for your help.
>
> Brian
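The "redalert" entry mentioned in the reply is a custom `ruletype` block in snort.conf. The fragment below is an added example, not part of the original posts or of the stock snort.conf: it shows how a Snort 2.x ruletype can carry its own output plugins, and the ruletype name, file names, port and SID are constructed placeholders.

```conf
# Constructed example for Snort 2.x snort.conf. The ruletype name, file
# names, port and SID are placeholders, not values from the thread.

# A custom rule type with its own output chain. Alerts from rules declared
# with this type are sent to the output plugins listed inside the block.
ruletype customalert
{
    type alert
    output alert_fast: custom.alert
    output log_tcpdump: custom.pcap
}

# A rule opts in by using the ruletype name in place of the usual action
# keyword (alert, log, pass).
customalert tcp any any -> $HOME_NET 8080 (msg:"LOCAL custom rule hit"; sid:1000001; rev:1;)
```

Rules that keep the built-in `alert` action continue to use the global `output` lines, so only rules written with `customalert` land in the separate files.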