[Snort-users] reference port data in rule msg
bmc at ...950...
Wed Mar 20 07:12:10 EST 2002
According to Stephen Gill:
> Hi all,
> Does anyone know if there is a way to reference the actual tcp/udp port
> and/or other information of a packet when it matches a particular rule
> (i.e. protocol, etc.)? I would like to configure a snort rule with a
> dynamic text message based on the actual port that is being probed. I
> would like all traffic destined to a particular IP address to be logged
> as a probe along with the actual port and protocol information in the
> text field.
Why don't you write your own output plugin? Or use the customizable
plugin, spo_csv. (Not that fast, but the Andrew's version in barnyard
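An added example, not part of the original thread or of Snort itself: one way to get the per-alert port and protocol into a message is to post-process the CSV output the reply mentions. The column order, the `output alert_csv` line shown in the comment, the rule message `catch-all`, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import Counter

# Assumed column order, matching a snort.conf line such as:
#   output alert_csv: alert.csv timestamp,msg,proto,src,srcport,dst,dstport
FIELDS = ["timestamp", "msg", "proto", "src", "srcport", "dst", "dstport"]

# Constructed sample alerts (documentation address ranges), not real captures.
SAMPLE = """\
03/20-07:10:01.100000,catch-all,TCP,198.51.100.7,40112,192.0.2.10,23
03/20-07:10:02.200000,catch-all,UDP,198.51.100.7,40113,192.0.2.10,161
03/20-07:10:03.300000,catch-all,ICMP,198.51.100.9,,192.0.2.10,
03/20-07:10:04.400000,catch-all,TCP,198.51.100.7,40115,192.0.2.11,80
"""


def watched_rows(stream, watched_ip):
    """Yield (row, target) for alerts destined to watched_ip."""
    for row in csv.DictReader(stream, fieldnames=FIELDS):
        if row["dst"] != watched_ip:
            continue
        proto = (row["proto"] or "unknown").upper()
        # ICMP and other port-less protocols leave the port columns empty.
        port = row["dstport"]
        yield row, (f"{proto}/{port}" if port else proto)


def probe_messages(stream, watched_ip):
    """Build one message per alert, carrying the protocol and port probed."""
    return [
        f'{row["timestamp"]} probe of {row["dst"]} on {target} from {row["src"]}'
        for row, target in watched_rows(stream, watched_ip)
    ]


def probe_histogram(stream, watched_ip):
    """Count probes per protocol/port, to see which services are being swept."""
    return Counter(target for _, target in watched_rows(stream, watched_ip))


if __name__ == "__main__":
    for line in probe_messages(io.StringIO(SAMPLE), "192.0.2.10"):
        print(line)
    print(dict(probe_histogram(io.StringIO(SAMPLE), "192.0.2.10")))
```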