cmg at ...81...
Fri Feb 13 06:43:08 EST 2004
Martin Roesch <roesch at ...402...> writes:

> Look in the templates directory in the Snort source repository.

Don't do that unless it's been updated recently. Those templates have
been out of date for quite a while.

If you want to add a keyword, look at detection-plugins/*.c. If you
want to add something that looks at all traffic, look at the
preprocessors/*.c -- spp_rpc_decode.c is one of the simpler ones.

Chris Green <cmg at ...2257...>