[Snort-devel] Dynamic Preprocessor does not alert and capture packet

Hui cao huica at ...3461...
Thu Jul 9 09:19:28 EDT 2015


Have you tried dpx?

https://www.snort.org/documents/dpx-readme

Best,
Hui.

On 07/09/2015 08:50 AM, Hui cao wrote:
> Hi Big Whale,
>
> Can you describe in detail what works and what does not? Which decoder
> rule? Have you seen the rule get triggered in your preprocessor?
> Again, the SSH preprocessor has an example of how to generate a preprocessor alert.
>
> Best,
> Hui.
>
> On 07/09/2015 12:46 AM, Big Whale wrote:
>> I already added "config autogenerate_preprocessor_decoder_rules" in my
>> snort.conf file and put the plugin's alerts in the preprocessor.rules
>> and gen-msg.map. But still no alert from my preprocessor. The
>> preprocessor loaded correctly.
