[Snort-devel] Questions about preprocessors

Dimitris Pritsos dpritsos at ...1264...
Thu Jun 12 10:41:17 EDT 2003



I am experimenting on snort 2.0 preprocessors trying to create my own. There are some issues that I didn't managed to find them out and I hope someone could help me form here.


  1.. Is it legal to use the output of one preprocessor as an input for mine? As I read in archived e-mail  spp_conversation uses spp_portscan2 . So I think it is. Am I wrong? 
  2.. Is there any standard output API or something. As I read on 6 chapter of snort 2.0 book there is none. But as I was "walking thought the source " I sow that the log.c contains some functions for that. I used this functions and I so my alert in snort_fast and snort_full log and alert. When I used the LogMessage() function alone then I sow my alert only when I was using the -v option.  
Best Regards,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20030612/107df2d1/attachment.html>

More information about the Snort-devel mailing list