[Snort-devel] GEN_ID in Database Plug-in Output
rshuck at ...1949...
Fri Apr 15 07:32:35 EDT 2005
Is it possible (easy) to get the gen_id added to the signature table
output of the database plug-in? This would allow a minor tweak to ACID
(line 168 of acid_signature.inc) and then alerts with gen_ids other than
1 could be referenced back to the Snort.org Rule database. Currently,
only the sig_id is available which is great for rules, but doesn't work
for alerts generated by other plug-ins like stream4, etc.
I would be willing to take a shot at adding this if someone could point
me in the general vicinity in the database plug-in code.
Ron Shuck, CISSP, GCIA, CCSE - Managing Consultant
Buchanan Associates - People. Process. Technology.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-devel