[Snort-devel] About a new plugin

Alejandro Cabrera alex at ...2771...
Tue Jun 28 08:22:19 EDT 2005


Hi
I have been working in a new plugin for snort, well I write it but I 
can't test it. I was create a new ruletype in snort.conf file:
ruletype  exec
{
     type alert
     output alert_execute: Mi_Program
}
When I run the snort I see that snort recognize my plugin, but never run 
my plugin on alert, I change a simple rule in icmp.rules and assign 
"exec" to this rule,  when I run the snort I made that it rule is power 
on. But never execute my plugin. I think that the problem no is my 
plugin because when I change the ruletype like this:
ruletype exec
{
    type alert
    output alert_fast: alerts.log
}
.......the snort made this file, but never write anything on it, and one 
alert is ative after I run the snort with this configuration.
I should run the snort with an additional args for it recognize a new 
ruletype ????
thanks for any help
Alejandro






More information about the Snort-devel mailing list