[Snort-devel] Publishing http attributes
Seshaiah Erugu (serugu)
serugu at ...3461...
Tue Jun 28 06:46:56 EDT 2016
You can add this data ( Host name, version and Method ) to HttpSessionData and populate while logging the packet.
Refer xff code for populating extra data.
From: Akhil Koul [mailto:akhil.koul8 at ...2499...]
Sent: Tuesday, June 28, 2016 2:56 PM
To: snort-devel at lists.sourceforge.net
Subject: [Snort-devel] Publishing http attributes
For a project I am working on, I would like to publish http host, version and method so that it is available to subscribers. Currently, only http_raw_uri is published which is subscribed and logged by data_log inspector.
I would like the data_log inspector to be able to subscribe to above attributes(or maybe a new inspector which can subscribe to and handle several http attributes).
How do I do this? Any help will be appreciated.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-devel