[Snort-devel] generators[.h]

Zachary Uram netrek at ...1633...
Wed Oct 23 12:21:07 EDT 2002

Huh? I never saw Phil Wood's original message.  I also noticed this with 
Christ Green's reply in which he cites a message from Jeff Nathan.
BTW is Snort an open source project? How does one become a developer? Are 
there any small tasks that lesser clued newbie developers (i.e. me heh) 
could try to work on?


<jeff at ...835...> writes

At 09:52 PM 10/22/02, you wrote:
>Phil Wood <cpw at ...86...> writes:
> > Folks,
> >
> > I'm taking a closer look at the alert/log generation.  Actually, I just
> > wanted to understand the short message format:
> >
> >
> > I was alright until I broke down the [n:n:n] field, and then looked at my
> > alerts, and then back at the preprocessor alerts, and then ...
> >
> > But, now I'm ok.  I would personally leave out the "(preprocessor)" stuff
> > and just let people in on the meaning of the GEN field of the [n:n:n] 
> structure.
> > Or, on the otherhand, add in to each msg generated by the snort_engine
> > "(snort_engine)".
>That was added so that when people were asking "WTF is this message
>coming from... I disabled every single rule I could" , they would have
>a bit of knowledge about what part of snort it was coming from.
>Most people seem to use either full or sql output.  <sigh>
> >
> > Any post processor worth it's salt could index the GEN value into a list of
> > generators.  Of course you could argue the same for the SID.
>You could. :^).
>Chris Green <cmg at ...402...>
>This is my signature. There are many like it but this one is mine.
>This sf.net emial is sponsored by: Influence the future
>of Java(TM) technology. Join the Java Community
>Process(SM) (JCP(SM)) program now.
>Snort-devel mailing list
>Snort-devel at lists.sourceforge.net

Zachary Uram
John 3:16

More information about the Snort-devel mailing list