[Snort-devel] Problem trying to generate full packet dumps from preprocessors in snort-1.8.7 betas.
cmg at ...402...
Tue Jun 11 20:56:01 EDT 2002
Andreas Östling <andreaso at ...387...> writes:
> I was playing around with a simple preprocessor using snort-1.8.7beta6
> and could not manage to generate alerts with full packet dumps from it.
> Generating alerts is no problem. The alerts show up in the alert file but
> that's it (yes, I'm using -d). No dirs created, and when in binary logging
> mode the binary log stays empty even though alerts are being generated.
> (When using a regular test rule, alerts including full dumps are being
> generated for it just as expected. Only the preprocessor is a problem.)
> After creating event and logmsg, I call:
> CallAlertFuncs(p, logmsg, NULL, &event);
> CallLogFuncs(p, logmsg, NULL, &event);
> Shouldn't that be enough? (p is the usual Packet pointer (which isn't
Yeah that should be enough. Hrm, are you still seeing the problem?
I had Andrew go look at it, but I don't think he found anything.
I'll take another gander at it. Are you still having this problem?
Chris Green <cmg at ...402...>
I've had a perfectly wonderful evening. But this wasn't it.
-- Groucho Marx