[Snort-devel] Plugin

Pablo G. Bringas pgarcia at ...2335...
Mon Feb 16 06:54:08 EST 2004


    Once I have my plugin registered and running into Snort, at the moment a
rule matches an option and launch my plugin function, how can I know which
was the exact option that launch me?

    Thank you in advance.

    Pablo.

----- Original Message -----
From: "Chris Green" <cmg at ...81...>
To: "Martin Roesch" <roesch at ...402...>
Cc: "Ragip Yahsieli" <ragip_yahsieli at ...445...>; "Snort Devel"
<snort-devel at lists.sourceforge.net>
Sent: Friday, February 13, 2004 3:40 PM
Subject: Re: [Snort-devel] Plugin


> Martin Roesch <roesch at ...402...> writes:
>
> > Look in the templates directory in the Snort source repository.
> >
>
> Don't do that unless it's been updated recently. Those templates have
> been out of date for quite a while.
>
> If you want to add a keyword, look at detection-plugins/*.c. If you
> want to add something that looks at all traffic, look at the
> preprocessors/*.c -- spp_rpc_decode.c is one of the simpler ones.
> --
> Chris Green <cmg at ...2257...>
> Chicken's thinkin'
>
>
>
> -------------------------------------------------------
> SF.Net is sponsored by: Speed Start Your Linux Apps Now.
> Build and deploy apps & Web services for Linux with
> a free DVD software kit from IBM. Click Now!
> http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel





More information about the Snort-devel mailing list