[Snort-devel] Problem trying to generate full packet dumps from preprocessors in snort-1.8.7 betas.

Chris Green cmg at ...402...
Tue Jun 11 20:56:01 EDT 2002


Andreas Östling <andreaso at ...387...> writes:

> I was playing around with a simple preprocessor using snort-1.8.7beta6
> and could not manage to generate alerts with full packet dumps from it.
> Generating alerts is no problem. The alerts show up in the alert file but
> that's it (yes, I'm using -d). No dirs created, and when in binary logging
> mode the binary log stays empty even though alerts are being generated.
> (When using a regular test rule, alerts including full dumps are being
> generated for it just as expected. Only the preprocessor is a problem.)
>
> After creating event and logmsg, I call:
>
> CallAlertFuncs(p, logmsg, NULL, &event);
> CallLogFuncs(p, logmsg, NULL, &event);
>
> Shouldn't that be enough? (p is the usual Packet pointer (which isn't
> NULL))

Yeah that should be enough.   Hrm, are you still seeing the problem?
I had Andrew go look at it, but I don't think he found anything.

I'll take another gander at it.  Are you still having this problem?

-- 
Chris Green <cmg at ...402...>
I've had a perfectly wonderful evening. But this wasn't it.
     -- Groucho Marx