I forgot to mention, I already used the tool, I can generate the .lua file. But in the log processing only appears as "unknown", the defined name appears.

2018-04-23 15:39 GMT-03:00 Y M via Snort-openappid <snort-openappid@lists.snort.org>:
You can use the “appid_detector_builder.sh” tool that comes with Snort’s tarball in the bin directory.

YM

From: Snort-openappid <snort-openappid-bounces@lists.snort.org> on behalf of Deivison Xavier via Snort-openappid <snort-openappid@lists.snort.org>
Sent: Monday, April 23, 2018 9:36:04 PM
To: snort-openappid@lists.snort.org
Subject: [Snort-openappid] OpenAppID custom detector
 
Hello,

I am doing a college work on OpenAppID (Snort 2.9.9.11/Ubuntu16). I'm having trouble creating a detector for a third-party application. I read OpenDetectorDeveloperGuide3.0n (https://www.snort.org/downloads/openappid/6328), but it was not clear how to customize a detector. Someone with knowledge about the subject?


--
Att,

Deivison Xavier

_______________________________________________
Snort-openappid mailing list
Snort-openappid@lists.snort.org
https://lists.snort.org/mailman/listinfo/snort-openappid

Please visit http://blog.snort.org to stay current on all the latest Snort news!




--
Att,

Deivison Xavier