[Snort-devel] Publishing http attributes

Seshaiah Erugu (serugu) serugu at ...3461...
Tue Jun 28 06:46:56 EDT 2016


Hi Akhil,

You can add this data ( Host name, version and Method ) to HttpSessionData and populate while logging the packet.
Refer xff code for populating extra data.


Thanks,
Seshaiah Erugu.

From: Akhil Koul [mailto:akhil.koul8 at ...2499...]
Sent: Tuesday, June 28, 2016 2:56 PM
To: snort-devel at lists.sourceforge.net
Subject: [Snort-devel] Publishing http attributes

Hello

For a project I am working on, I would like to publish http host, version and method so that it is available to subscribers. Currently, only http_raw_uri is published which is subscribed and logged by data_log inspector.

I would like the data_log inspector to be able to subscribe to above attributes(or maybe a new inspector which can subscribe to and handle several http attributes).
How do I do this? Any help will be appreciated.

Thanks
Akhil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20160628/62f95a60/attachment.html>


More information about the Snort-devel mailing list