[Snort-devel] [Snort-user] how to get input for snort rules

zT zzahra88 at ...2499...
Sat Jan 31 05:52:13 EST 2015


i found answer for second question, just add NULL to function call, it will
be solved.

On Fri, Jan 30, 2015 at 12:22 AM, zT <zzahra88 at ...2499...> wrote:

> hello all,
> i have 2 question:
> 1- i want to write a rule that get a keyword from terminal and match
> it with packet content. for this i try to use dynamic module. is this
> right work ? or can i try easy way :(
> 2- when i try to test a dynamic rule this happend:
>  i have test example of snortIDS&IPS TOOLKIT.pdf about dynamic
> modules. I copy code of that file and i got this error in my
> InnerWorkingsDynmaicRules:
> InnerWorkingsDynamicRules.c:48:2: error: too few arguments to function
> ‘RegisterRules’
> and this is the content of that file:
> extern Rule sid109;
> extern Rule sid637;
> extern Rule Rule2329;
> Rule *rules[] =
> {
>     &sid109,&sid637,&Rule2329,NULL
> };
> int InitializeDetection()
> {
>         return RegisterRules(rules);
> }
>
> i'm really confuse. rules is an array of rules and these codes are the
> same as codes in snort IDS&IPS TOOLKIT.pdf .what is going wrong in
> these codes???
> thanks & Regards
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20150131/f902dad0/attachment.html>


More information about the Snort-devel mailing list