[Snort-devel] Writing a snort rule with dynamic message!

Joel Esler jesler at ...402...
Sat Aug 31 09:36:52 EDT 2013


No.  That feature is not available at this time.  


--
Joel Esler
Sent from my iPad

On Aug 31, 2013, at 2:50 AM, Hamid Reza Hasani <hr.hasani at ...2499...> wrote:

> Hi all, 
> I'm not sure whether this question is related to snort-devel mailing list or not, so sorry if it is not related to this mailing list!
> I wonder there is a way (except dynamic rules!) to put some dynamic value to snort rule's message. I mean for example I want to add payload's length value to rule message, is it possible?
> e.g.: alert ip any any -> any any (msg:"prefix length overflow attempt (length is %d)", somevalue;)
> 
> thanks for your hard work and good product!
> ------------------------------------------------------------------------------
> Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
> Discover the easy way to master current and previous Microsoft technologies
> and advance your career. Get an incredible 1,500+ hours of step-by-step
> tutorial videos with LearnDevNow. Subscribe today and save!
> http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
> Archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
> 
> Please visit http://blog.snort.org for the latest news about Snort!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20130831/a80e981a/attachment.html>


More information about the Snort-devel mailing list