[Snort-devel] [Snort-user] how to get input for snort rules

zT zzahra88 at ...2499...
Thu Jan 29 15:52:41 EST 2015


Hello all,
I have 2 questions:
1- I want to write a rule that gets a keyword from the terminal and matches
it with packet content. For this I am trying to use a dynamic module. Is this
the right way to do it? Or can I try an easier way? :(
2- When I try to test a dynamic rule, this happened:
I tested the example from Snort IDS&IPS TOOLKIT.pdf about dynamic
modules. I copied the code from that file and I got this error in my
InnerWorkingsDynamicRules:
InnerWorkingsDynamicRules.c:48:2: error: too few arguments to function
‘RegisterRules’
And this is the content of that file:
extern Rule sid109;
extern Rule sid637;
extern Rule Rule2329;
Rule *rules[] =
{
    &sid109,&sid637,&Rule2329,NULL
};
int InitializeDetection()
{
        return RegisterRules(rules);
}

I'm really confused. rules is an array of rules, and this code is the
same as the code in Snort IDS&IPS TOOLKIT.pdf. What is going wrong in
this code???
Thanks & Regards



