[Snort-devel] How to use alertAdd to generate a "variable" alert message?

Hai Minh Nguyen lightsea90 at ...2499...
Sat May 25 12:16:18 EDT 2013


Hi,

I'm using _dpd.alertAdd to raise an alert in my dynamic preprocessor. But I
face a problem:

I ran this code:

char alert[256];
double score = MyFunction();
sprintf(alert, "Alert: Score = %lf", score);
_dpd.alertAdd(DPX_GID, DPX_DST_SID, 1, 0, 3, alert, 0);

I'm using 2 output modules to check it: alert_fast and unified2 (to MySQL
by barnyard2). I checked the result in the alert_fast output file but it didn't
show the correct alert message (e.g. Alert: Score = 10.00000)! In fact,
the message contains special characters.

For the MySQL database, barnyard2 can't save the alert with the message, so it
saves it as "Snort: Alert", and it reported that the trouble is with sid-msg.map
and gen-msg.map.

Could you please tell me how to solve my problem? How can I get the correct
message and save the alert with it on Snort database?

-- 
Sword Demon Độc Cô Cầu Bại - Oh, a glorious life, longing only to be defeated
once, yet no one has ever lasted past three moves!!!
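
Added example (not part of the original message and not Snort code): a self-contained C sketch of why a message formatted into a stack buffer can come out as garbage when the alert text is read later, and a bounded, per-slot static buffer that avoids it. It assumes the queue behind alertAdd keeps the caller's pointer instead of copying the string; toy_alert_add, toy_flush_message, raise_score_alert and the gid/sid values are hypothetical stand-ins.

```c
#include <stdio.h>
#include <string.h>

#define SLOTS 8          /* constructed queue depth */
#define MSG_LEN 256

/* Toy queue standing in for the one behind alertAdd (assumption: it
 * keeps the caller's pointer and reads the text later, at output time). */
typedef struct { unsigned gid, sid; const char *msg; } toy_event;
static toy_event toy_queue[SLOTS];
static int toy_queued;

static int toy_alert_add(unsigned gid, unsigned sid, const char *msg)
{
    if (toy_queued >= SLOTS) return -1;
    toy_queue[toy_queued].gid = gid;
    toy_queue[toy_queued].sid = sid;
    toy_queue[toy_queued].msg = msg;   /* pointer stored, text not copied */
    return toy_queued++;
}

/* One static buffer per queue slot: the text outlives the caller's stack
 * frame, and two alerts raised before a flush do not overwrite each other. */
static char msg_pool[SLOTS][MSG_LEN];

static int raise_score_alert(double score)
{
    if (toy_queued >= SLOTS) return -1;
    char *buf = msg_pool[toy_queued];
    snprintf(buf, MSG_LEN, "Alert: Score = %.2f", score);  /* bounded */
    return toy_alert_add(1000, 1, buf);   /* gid/sid are placeholders */
}

/* Output stage: runs after raise_score_alert() has returned. */
static const char *toy_flush_message(int i)
{
    return (i >= 0 && i < toy_queued) ? toy_queue[i].msg : NULL;
}

int main(void)
{
    raise_score_alert(10.0);
    raise_score_alert(3.5);
    for (int i = 0; i < toy_queued; i++)
        printf("%s\n", toy_flush_message(i));
    return 0;
}
```

With a local `char alert[256]` in place of msg_pool, the stored pointer would refer to a stack frame that no longer exists when the output stage reads it.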