[Snort-devel] xml format samples

Mike Andersen mike.andersen at ...139...
Wed Feb 7 12:41:04 EST 2001

[Todd Lewis]
| Here are some samples of what an XMLified rule file might look like:

Nice, but I would like to have more information in the rule (see the
example I've included).

| 	<bcontent>88042020202020202020202020202020</bcontent>

It might be an advantage to add information about which encoding is
used for the binary content.  Something like:

   <content encoding="blah">88042020202020202020202020202020</content>

Here is an example that we are using internally (we are also planning to
make snort XML aware):

<?xml version="1.0"?>
    <title>TFTP parent directory</title> 
       This event indicates a tftp request for an file outside of
       designated tftp directory (..).  tftp does not use
       authentication, and early versions of the daemon allowed
       retrieval of any file on the server.
      <name>Max Vision</name> 

Tact is the ability to tell a man he has an open mind when he has a
hole in his head.
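
The ambiguity that an explicit encoding attribute removes, as an added example that is not part of the original post or of Snort's code. The encoding names (hex, ascii, base64), the `<rule>` wrapper and the function names are assumptions; the post only gives the placeholder "blah".

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# Hypothetical encoding names; the post itself only uses the placeholder "blah".
DECODERS = {
    # Layout whitespace is not significant for hex or base64, so drop it.
    "hex": lambda s: binascii.unhexlify("".join(s.split())),
    "base64": lambda s: base64.b64decode("".join(s.split()), validate=True),
    # For literal text every character counts, whitespace included.
    "ascii": lambda s: s.encode("ascii"),
}

def decode_content(element):
    """Return the match bytes for one <content> element.

    Refuses to guess: a missing or unknown encoding attribute is an error,
    because the same text yields different bytes under different encodings.
    """
    encoding = element.get("encoding")
    if encoding is None:
        raise ValueError("content element has no encoding attribute")
    if encoding not in DECODERS:
        raise ValueError(f"unsupported encoding: {encoding!r}")
    try:
        return DECODERS[encoding](element.text or "")
    except ValueError as exc:  # binascii.Error and UnicodeEncodeError included
        raise ValueError(f"content is not valid {encoding}: {exc}") from None

def load_contents(xml_text):
    """Decode every <content> element of a rule document, in document order."""
    root = ET.fromstring(xml_text)
    return [decode_content(el) for el in root.iter("content")]

# Constructed sample: the value quoted in the post, tagged three ways.
SAMPLE = """<rule>
  <content encoding="hex">88042020202020202020202020202020</content>
  <content encoding="ascii">88042020202020202020202020202020</content>
  <content encoding="base64">iAQgICAgICAgICAgICAgIA==</content>
</rule>"""

if __name__ == "__main__":
    for pattern in load_contents(SAMPLE):
        print(len(pattern), pattern)
```

The same 32 characters become a 16-byte pattern as hex and a 32-byte pattern as literal text, so a rule loader that guesses the encoding can end up matching on the wrong bytes.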
