Re: [Snort-users] Output Plugin writing
This is a discussion on Re: [Snort-users] Output Plugin writing within the Snort forums, part of the System Security and Security Related category; I have looked at the ruletypes, and that was what I was using at first. The only problem is I ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
04-26-2007
|
|||
|
|||
Re: [Snort-users] Output Plugin writing
I have looked at the ruletypes, and that was what I was using at first.
The only problem is I need to pull out data from the packet and format it for our own reporting system, that is pike delimited. Brian > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Have you ever looked at the custom output options? Search for the > word "redalert" in your snort.conf. > > > +---------------------------------------------------------------------+ > Joel Esler Security Consultant > gpg key: http://demo.sourcefire.com/jesler.pgp.key > +---------------------------------------------------------------------+ > > > > On Apr 26, 2007, at 3:19 PM, eschnei@CLEMSON.EDU wrote: > >> Hi, >> I am a new snort user, I've been able to write some customized >> rules and >> look at different output options snort provides as a default. I >> want to >> have it only called when I hit my customized rules, and then based >> on the >> rule it hits and the attributes for the rule, I want the alert and >> packet >> data written to a specific file that isn't the alert file the other >> snort >> rules use. That being said, I am having trouble setting up the >> plugin, the >> different functions that need to be inside of it so snort can use it. >> Does anybody have a good template I might be able to use? Thanks >> for your >> help. >> >> Brian >> >> ---------------------------------------------------------------------- >> --- >> This SF.net email is sponsored by DB2 Express >> Download DB2 Express C - the FREE version of DB2 express and take >> control of your XML. No limits. Just data. Click to get it now. >> http://sourceforge.net/powerbar/db2/ >> _______________________________________________ >> Snort-users mailing list >> Snort-users@lists.sourceforge.net >> Go to this URL to change user options or unsubscribe: >> https://lists.sourceforge.net/lists/...fo/snort-users >> Snort-users list archive: >> http://www.geocrawler.com/redir-sf.p...st=snort-users >> > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.5 (Darwin) > > iD8DBQFGMP0QKbCSyXHckt4RArjDAJ0YHgGKr5xrHOxoeGJUc8 n6CIQBxwCgnIML > 37PKoHN01z34lx7mv3TFFM4= > =ca9c > -----END PGP SIGNATURE----- > ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
