[Snort-devel] GEN_ID in Database Plug-in Output

Ron Shuck rshuck at ...1949...
Fri Apr 15 07:32:35 EDT 2005


Is it possible (easy) to get the gen_id added to the signature table
output of the database plug-in? This would allow a minor tweak to ACID
(line 168 of acid_signature.inc) and then alerts with gen_ids other than
1 could be referenced back to the Snort.org Rule database. Currently,
only the sig_id is available which is great for rules, but doesn't work
for alerts generated by other plug-ins like stream4, etc.

I would be willing to take a shot at adding this if someone could point
me in the general vicinity in the database plug-in code.

 
Ron Shuck, CISSP, GCIA, CCSE - Managing Consultant
Buchanan Associates - People. Process. Technology.
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20050415/0cd7391f/attachment.html>


More information about the Snort-devel mailing list