[Snort-devel] Questions about preprocessors
dpritsos at ...1264...
Thu Jun 12 10:41:17 EDT 2003
I am experimenting with Snort 2.0 preprocessors, trying to create my own. There are some issues that I didn't manage to figure out, and I hope someone could help me from here.
1. Is it legal to use the output of one preprocessor as an input for mine? As I read in an archived e-mail, spp_conversation uses spp_portscan2. So I think it is. Am I wrong?
2. Is there any standard output API or something? As I read in chapter 6 of the Snort 2.0 book, there is none. But as I was "walking through the source" I saw that log.c contains some functions for that. I used these functions and I saw my alert in the snort_fast and snort_full log and alert. When I used the LogMessage() function alone, I saw my alert only when I was using the -v option.