[Snort-devel] generators[.h]

Zachary Uram netrek at ...1633...
Wed Oct 23 12:21:07 EDT 2002


Huh? I never saw Phil Wood's original message.  I also noticed this with 
Chris Green's reply in which he cites a message from Jeff Nathan.
BTW is Snort an open source project? How does one become a developer? Are 
there any small tasks that lesser clued newbie developers (i.e. me heh) 
could try to work on?

Zach

<jeff at ...835...> writes

At 09:52 PM 10/22/02, you wrote:
>Phil Wood <cpw at ...86...> writes:
>
> > Folks,
> >
> > I'm taking a closer look at the alert/log generation.  Actually, I just
> > wanted to understand the short message format:
> >
> > MM/DD-HH:MM:SS.UUUUUU  [**] [GEN:SID:REV] msg [**] {PROTO} SADDR:SPORT -> DADDR:DPORT
> >
> > I was alright until I broke down the [n:n:n] field, and then looked at my
> > alerts, and then back at the preprocessor alerts, and then ...
> >
> > But, now I'm ok.  I would personally leave out the "(preprocessor)" stuff
> > and just let people in on the meaning of the GEN field of the [n:n:n]
> > structure.
> > Or, on the other hand, add in to each msg generated by the snort_engine
> > "(snort_engine)".
>
>That was added so that when people were asking "WTF is this message
>coming from... I disabled every single rule I could", they would have
>a bit of knowledge about what part of snort it was coming from.
>
>Most people seem to use either full or sql output.  <sigh>
> >
> > Any post processor worth its salt could index the GEN value into a list of
> > generators.  Of course you could argue the same for the SID.
>
>You could. :^).
>--
>Chris Green <cmg at ...402...>
>This is my signature. There are many like it but this one is mine.

Zachary Uram
John 3:16
<><
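
The post-processing idea discussed in the quoted thread (indexing the GEN value of the short alert format into a list of generators), as an added example that is not part of the original messages or of Snort's own code. The generator table, the optional bracketed fields before {PROTO}, and the sample lines are assumptions made for this sketch:

```python
import re
from collections import Counter

# GEN -> generator name. 1 is the rules engine; the other entries are
# assumptions to verify against generators.h for the Snort version in use.
GENERATORS = {1: "snort_engine", 100: "spp_portscan", 111: "spp_stream4"}

ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d{6})\s+\[\*\*\]\s+"
    r"\[(?P<gen>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[[^\]]*\]\s+)*"  # optional [Classification: ...] [Priority: n] fields
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

def split_endpoint(endpoint):
    """Split ADDR:PORT; portless protocols such as ICMP give (addr, None)."""
    host, sep, port = endpoint.rpartition(":")
    return (host, int(port)) if sep and port.isdigit() else (endpoint, None)

def parse_alert(line):
    """Return the alert's fields as a dict, or None if the line does not match."""
    m = ALERT_RE.match(line)
    if m is None:
        return None
    gen = int(m["gen"])
    src, sport = split_endpoint(m["src"])
    dst, dport = split_endpoint(m["dst"])
    return {"ts": m["ts"], "gen": gen, "sid": int(m["sid"]), "rev": int(m["rev"]),
            "generator": GENERATORS.get(gen, f"unknown_gen_{gen}"),
            "msg": m["msg"], "proto": m["proto"],
            "src": src, "sport": sport, "dst": dst, "dport": dport}

def summarize(lines):
    """Count alerts per generator; also return how many lines were rejected."""
    alerts = [parse_alert(line) for line in lines]
    counts = Counter(a["generator"] for a in alerts if a is not None)
    return counts, alerts.count(None)

# Constructed sample lines (documentation addresses, made-up SIDs and messages).
SAMPLE = [
    "10/22-21:52:03.123456  [**] [1:1000001:1] EXAMPLE rule [**] {TCP} 192.0.2.10:40312 -> 198.51.100.5:80",
    "10/22-21:52:04.000001  [**] [100:1:1] EXAMPLE portscan [**] {TCP} 192.0.2.10:40313 -> 198.51.100.5:22",
    "10/22-21:52:05.500000  [**] [1:1000002:3] EXAMPLE icmp [**] [Priority: 3] {ICMP} 192.0.2.10 -> 198.51.100.5",
    "10/22-21:52:06.000000  [**] [250:7:1] EXAMPLE other [**] {UDP} 192.0.2.10:53 -> 198.51.100.5:53",
    "this line is not an alert",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A GEN value missing from the table is reported as unknown_gen_N rather than dropped, so alerts from an unlisted generator still show up in the summary.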




