[Snort-devel] About a new plugin

Will Metcalf william.metcalf at ...2499...
Tue Jun 28 08:43:25 EDT 2005


This really isn't enough info, send us a diff?

Regards,

Will

On 6/28/05, Alejandro Cabrera <alex at ...2771...> wrote:
> Hi
> I have been working in a new plugin for snort, well I write it but I
> can't test it. I was create a new ruletype in snort.conf file:
> ruletype  exec
> {
>      type alert
>      output alert_execute: Mi_Program
> }
> When I run the snort I see that snort recognize my plugin, but never run
> my plugin on alert, I change a simple rule in icmp.rules and assign
> "exec" to this rule,  when I run the snort I made that it rule is power
> on. But never execute my plugin. I think that the problem no is my
> plugin because when I change the ruletype like this:
> ruletype exec
> {
>     type alert
>     output alert_fast: alerts.log
> }
> .......the snort made this file, but never write anything on it, and one
> alert is ative after I run the snort with this configuration.
> I should run the snort with an additional args for it recognize a new
> ruletype ????
> thanks for any help
> Alejandro
> 
> 
> 
> 
> -------------------------------------------------------
> SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
> from IBM. Find simple to follow Roadmaps, straightforward articles,
> informative Webcasts and more! Get everything you need to get up to
> speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
>




More information about the Snort-devel mailing list