roesch at ...402...
Fri Feb 13 08:30:00 EST 2004
The template files have been updated in CVS HEAD, check them out and
see if they're helpful.

On Feb 13, 2004, at 9:40 AM, Chris Green wrote:

> Martin Roesch <roesch at ...402...> writes:
>> Look in the templates directory in the Snort source repository.
>
> Don't do that unless it's been updated recently. Those templates have
> been out of date for quite a while.
>
> If you want to add a keyword, look at detection-plugins/*.c. If you
> want to add something that looks at all traffic, look at the
> preprocessors/*.c -- spp_rpc_decode.c is one of the simpler ones.
>
> Chris Green <cmg at ...2257...>
> Chicken's thinkin'

Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Intelligent Security Monitoring
roesch at ...402... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org