[Snort-devel] [Dynamic Preprocessor] How to log packet and output alert: genSnortEvent or alertAdd?

Hai Minh Nguyen lightsea90 at ...2499...
Sat May 25 11:47:39 EDT 2013


Thank you Russ. My problem has been solved.


On Thu, May 23, 2013 at 1:25 AM, Russ Combs <rcombs at ...402...> wrote:

> On Mon, May 20, 2013 at 5:23 AM, Hai Minh Nguyen <lightsea90 at ...2499...>
> wrote:
> > Hi,
> >
> > I'm developing a dynamic preprocessor by DPX. After processing a packet, I
> > might generate an alert and log that packet for later analyzing if I find
> > it abnormal.
> >
> > My problem:
> > I found 2 members of the DynamicPreprocessorData struct: alertAdd and
> > genSnortEvent. I supposed those could help me. But I don't understand the
> > difference between the 2 members yet. Which of them should I choose for my
> > purpose? If you know any other way, feel free to raise your idea.
> >
> Use alertAdd() to raise the alert.  Check dpx.c for an example.
>
> > BRs,
> >
> > --
> > Sword Demon Độc Cô Cầu Bại - Oh, a glorious life, hoping only to be
> > defeated once, yet no one has ever lasted beyond three moves!!!



-- 
Sword Demon Độc Cô Cầu Bại - Oh, a glorious life, hoping only to be
defeated once, yet no one has ever lasted beyond three moves!!!