[Snort-devel] [Dynamic Preprocessor] How to log packet and output alert: genSnortEvent or alertAdd?

Russ Combs rcombs at ...402...
Wed May 22 14:25:25 EDT 2013


On Mon, May 20, 2013 at 5:23 AM, Hai Minh Nguyen <lightsea90 at ...2499...> wrote:
> Hi,
>
> I'm developing a dynamic preprocessor by DPX. After processing a packet, I
> might generate an alert and log that packet for later analysis if I find
> it abnormal.
>
> My problem:
> I found 2 members of the DynamicPreprocessorData struct: alertAdd and
> genSnortEvent. I supposed those could help me. But I don't understand the
> difference between the 2 members yet. Which of them should I choose for my
> purpose? If you know any other way, feel free to raise your idea.
>
Use alertAdd() to raise the alert.  Check dpx.c for an example.

> BRs,
>
> --
> Sword Demon Dugu Qiubai - Oh, a glorious lifetime, wishing only to be defeated
> once, yet no one has ever lasted more than three moves!!!



