[Snort-devel] Plugin

Chris Green cmg at ...81...
Fri Feb 13 06:43:08 EST 2004


Martin Roesch <roesch at ...402...> writes:

> Look in the templates directory in the Snort source repository.
>

Don't do that unless it's been updated recently. Those templates have
been out of date for quite a while.

If you want to add a keyword, look at detection-plugins/*.c. If you
want to add something that looks at all traffic, look at the
preprocessors/*.c -- spp_rpc_decode.c is one of the simpler ones.
-- 
Chris Green <cmg at ...2257...>
Chicken's thinkin'





More information about the Snort-devel mailing list