[Snort-devel] Plugin

Martin Roesch roesch at ...402...
Fri Feb 13 08:30:00 EST 2004


The template files have been updated in CVS HEAD, check them out and 
see if they're helpful.

      -Marty


On Feb 13, 2004, at 9:40 AM, Chris Green wrote:

> Martin Roesch <roesch at ...402...> writes:
>
>> Look in the templates directory in the Snort source repository.
>>
>
> Don't do that unless it's been updated recently. Those templates have
> been out of date for quite a while.
>
> If you want to add a keyword, look at detection-plugins/*.c. If you
> want to add something that looks at all traffic, look at the
> preprocessors/*.c -- spp_rpc_decode.c is one of the simpler ones.
> -- 
> Chris Green <cmg at ...2257...>
> Chicken's thinkin'
>
>
--
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Intelligent Security Monitoring
roesch at ...402... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org





More information about the Snort-devel mailing list