[Snort-devel] Problem implementing output plugin

Joshua Berry jberry at ...2712...
Wed Feb 2 08:55:42 EST 2005


I am having a problem implementing an output plugin in snort.  It seems
that my data structure for the arguments passed to the plugin is getting
overwritten.  When I parse the arguments and pass the results to data,
the structure is set up properly, but by the time it hits the main void
AlertXml(Packet *p, char *msg, void *arg, Event *event) function, *arg
no longer contains the proper data structure.

Attached is the code.  I am not much of a C programmer so I am sure that
I am missing something very simple.

The line in my snort.conf looks like this:
output alert_xml: alert, xmlprimary=127.0.0.1:933
xmlsecondary=<127.0.0.1>:933 sensor_name=testing

I appreciate any help.
 
Josh Berry | CISSP GCIA 
Information Security
214-765-1296
 
-------------------------------------------------------------------- 
If you spend more on coffee than on IT security, you will be hacked. 
What's more, you deserve to be hacked. 
     -- (Former) White House Cybersecurity adviser Richard Clarke 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: spo_alert_xml.c
Type: application/octet-stream
Size: 4646 bytes
Desc: spo_alert_xml.c
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20050202/70292704/attachment.obj>

