[Snort-devel] Writing a snort rule with dynamic message!

Hamid Reza Hasani hr.hasani at ...2499...
Sat Aug 31 02:50:27 EDT 2013


Hi all,
I'm not sure whether this question is related to snort-devel mailing list
or not, so sorry if it is not related to this mailing list!
I wonder there is a way (except dynamic rules!) to put some dynamic value
to snort rule's message. I mean for example I want to add payload's length
value to rule message, is it possible?
e.g.: alert ip any any -> any any (msg:"prefix length overflow attempt
(length is %d)", somevalue;)

thanks for your hard work and good product!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20130831/5f342e9a/attachment.html>


More information about the Snort-devel mailing list