[Snort-devel] How to use alertAdd to generate a "variable" alert message?

Hai Minh Nguyen lightsea90 at ...2499...
Mon May 27 14:49:43 EDT 2013


Help me, please!


On Sat, May 25, 2013 at 11:16 PM, Hai Minh Nguyen <lightsea90 at ...2499...> wrote:

> Hi,
>
> I'm using _dpd.alertAdd to raise an alert in my dynamic preprocessor. But
> I face a problem:
>
> I ran this code:
>
> char alert[256];
> double score = MyFunction();
> sprintf(alert, "Alert: Score = %lf", score);
> _dpd.alertAdd(DPX_GID, DPX_DST_SID, 1, 0, 3, alert, 0);
>
> I'm using 2 output modules to check it: alert_fast and unified2 (to mysql
> by barnyard2). I checked the result in the alert_fast output file but it didn't
> show the correct alert message (e.g. Alert: Score = 10.00000)! In fact,
> the message contains special characters.
>
> For the mysql database, barnyard2 can't save the alert with the message so it
> saves it as "Snort: Alert", and it noted that the trouble is with sid-msg.map and
> gen-msg.map.
>
> Could you please tell me how to solve my problem? How can I get the
> correct message and save the alert with it on Snort database?
>
> --
> Sword Demon Dugu Qiubai - Oh, a glorious lifetime, wishing only to be defeated
> just once, yet no one has ever lasted more than three moves!!!
>



-- 
Sword Demon Dugu Qiubai - Oh, a glorious lifetime, wishing only to be defeated
just once, yet no one has ever lasted more than three moves!!!
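
One possible cause of the garbled text, shown as an added example rather than code from the post or from Snort: if the alert call keeps the caller's `char *` and the output plugins read it only later, the message must outlive the calling function, which a stack-local `alert[256]` does not. The queue below (`mock_alert_add`, `mock_flush`) is a hypothetical stand-in built on that assumption, and it uses a reused static buffer instead of a stack buffer so the effect is deterministic.

```c
#include <stdio.h>
#include <string.h>

#define QMAX 8
#define MSG_MAX 64

/* Hypothetical stand-in for an event queue, not Snort code.
 * ASSUMPTION: the queue stores the caller's pointer and reads it later. */
static const char *queued[QMAX];
static int nqueued;

static void mock_alert_add(const char *msg) {
    if (nqueued < QMAX) queued[nqueued++] = msg;
}

/* Runs "at end of packet": copies whatever each queued pointer refers to now. */
static int mock_flush(char out[][MSG_MAX]) {
    int n = nqueued;
    for (int i = 0; i < n; i++)
        snprintf(out[i], MSG_MAX, "%s", queued[i]);
    nqueued = 0;
    return n;
}

/* Fragile: one scratch buffer is rewritten while earlier alerts still point at it. */
static char scratch[MSG_MAX];
static void alert_scratch(double score) {
    snprintf(scratch, sizeof scratch, "Alert: Score = %.2f", score);
    mock_alert_add(scratch);
}

/* Safer: each pending alert owns a slot that stays valid until the flush. */
static char slots[QMAX][MSG_MAX];
static void alert_owned(double score) {
    if (nqueued >= QMAX) return;            /* queue full: drop the alert */
    snprintf(slots[nqueued], MSG_MAX, "Alert: Score = %.2f", score);
    mock_alert_add(slots[nqueued]);
}

int main(void) {
    char out[QMAX][MSG_MAX];
    alert_scratch(10.0); alert_scratch(42.5);
    mock_flush(out);
    printf("reused buffer: \"%s\" / \"%s\"\n", out[0], out[1]);
    alert_owned(10.0); alert_owned(42.5);
    mock_flush(out);
    printf("owned slots:   \"%s\" / \"%s\"\n", out[0], out[1]);
    return 0;
}
```

With a true stack buffer the stale pointer refers to memory that later calls overwrite, so the logged text is arbitrary bytes rather than the last score.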