[Snort-devel] New feature wanted - aid when designing rules

Brian bmc at ...835...
Wed May 14 18:38:07 EDT 2003


On Wed, May 14, 2003 at 08:07:06PM +0200, Martin Olsson wrote:
> It would be nice if the byte_test-tag had an option "debug".
> 
> When this option is set, snort would dump the interesting data on stderr.
> Interesting data is the current values, offsets and the payload data close
> to the different pointers, in short, the surrounding environment.

Snort already has debug messages.  Enabling debug mode will SERIOUSLY
slow down snort, so it is a compile time option only.

    ./configure --enable-debug
    SNORT_DEBUG=16384 snort -c etc/snort -l /tmp -A console -q -r pcap

-brian




More information about the Snort-devel mailing list