[Snort-users] Output Plugin writing

eschnei at ...14108... eschnei at ...14108...
Thu Apr 26 16:09:00 EDT 2007


I have looked at the ruletypes, and that was what I was using at first.
The only problem is I need to pull out data from the packet and format it
for our own reporting system, which is pipe delimited.

Brian

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Have you ever looked at the custom output options?  Search for the
> word "redalert" in your snort.conf.
>
>
> +---------------------------------------------------------------------+
> Joel Esler                                         Security Consultant
>      gpg key: http://demo.sourcefire.com/jesler.pgp.key
> +---------------------------------------------------------------------+
>
>
>
> On Apr 26, 2007, at 3:19 PM, eschnei at ...14108... wrote:
>
>> Hi,
>> I am a new snort user, I've been able to write some customized
>> rules and
>> look at different output options snort provides as a default. I
>> want to
>> have it only called when I hit my customized rules, and then based
>> on the
>> rule it hits and the attributes for the rule, I want the alert and
>> packet
>> data written to a specific file that isn't the alert file the other
>> snort
>> rules use. That being said, I am having trouble setting up the
>> plugin, the
>> different functions that need to be inside of it so snort can use it.
>> Does anybody have a good template I might be able to use?  Thanks
>> for your
>> help.
>>
>> Brian
>>
>>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (Darwin)
>
> iD8DBQFGMP0QKbCSyXHckt4RArjDAJ0YHgGKr5xrHOxoeGJUc8n6CIQBxwCgnIML
> 37PKoHN01z34lx7mv3TFFM4=
> =ca9c
> -----END PGP SIGNATURE-----
>
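The thread is asking for two things: a hook that fires only for the poster's own rules, and a routine that turns the alert plus a few packet fields into one pipe-delimited record for a separate report file. The following is an added example, not code from the Snort project or from anyone in this thread. It does not include Snort's headers; the `alert_record` struct is a constructed stand-in for the `Packet`/`Event` data a Snort 2.x output callback receives, and the rule filter assumes the convention that locally written rules use sids of 1,000,000 and above. The `|` and `\` characters in the message text are escaped so a rule message containing the delimiter cannot corrupt a column in the downstream reporting system.

```c
/* Added example: pipe-delimited alert formatting for a custom report file.
 * Not from the Snort project; the struct and sample values are constructed. */
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Assumption: local/custom rules use sids in the >= 1,000,000 range. */
#define LOCAL_SID_MIN 1000000u

typedef struct {
    uint32_t gid, sid, rev;      /* rule identity */
    const char *msg;             /* rule "msg:" text */
    const char *src_ip, *dst_ip; /* already rendered as dotted-quad strings */
    uint16_t src_port, dst_port;
    uint8_t proto;               /* IP protocol number, e.g. 6 = TCP */
} alert_record;

/* Only our own rules go to the custom report; everything else is skipped. */
int is_custom_rule(const alert_record *a)
{
    return a->sid >= LOCAL_SID_MIN;
}

/* Copy src into dst, escaping '|' and '\' so the delimiter stays unambiguous.
 * Returns the number of characters written (without the NUL), or -1 if dst
 * is too small; nothing is ever truncated silently. */
int escape_field(const char *src, char *dst, size_t dstlen)
{
    size_t n = 0;
    for (; *src; src++) {
        int special = (*src == '|' || *src == '\\');
        if (n + (special ? 2 : 1) + 1 > dstlen)
            return -1;
        if (special)
            dst[n++] = '\\';
        dst[n++] = *src;
    }
    dst[n] = '\0';
    return (int)n;
}

/* Build "gid|sid|rev|proto|src_ip|src_port|dst_ip|dst_port|msg".
 * Returns the record length, or -1 if the output buffer is too small. */
int format_alert(const alert_record *a, char *out, size_t outlen)
{
    char msg[256];
    if (escape_field(a->msg ? a->msg : "", msg, sizeof msg) < 0)
        return -1;
    int n = snprintf(out, outlen, "%u|%u|%u|%u|%s|%u|%s|%u|%s",
                     (unsigned)a->gid, (unsigned)a->sid, (unsigned)a->rev,
                     (unsigned)a->proto, a->src_ip, (unsigned)a->src_port,
                     a->dst_ip, (unsigned)a->dst_port, msg);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return n;
}

/* What the output callback body would do: 1 = written, 0 = not a custom
 * rule (skipped, fp untouched), -1 = formatting or write error. */
int log_custom_alert(const alert_record *a, FILE *fp)
{
    char line[512];
    if (!is_custom_rule(a))
        return 0;
    if (format_alert(a, line, sizeof line) < 0)
        return -1;
    if (fprintf(fp, "%s\n", line) < 0)
        return -1;
    return 1;
}

/* Constructed sample alert; the message deliberately contains a '|'. */
alert_record sample_alert(void)
{
    alert_record a = { 1, 1000001, 2, "LOCAL suspicious|pipe in msg",
                       "10.0.0.5", "192.0.2.10", 49152, 80, 6 };
    return a;
}

int main(void)
{
    char line[512];
    alert_record a = sample_alert();
    if (format_alert(&a, line, sizeof line) > 0)
        puts(line);
    return 0;
}
```

In a real Snort 2.x plugin the `log_custom_alert` body would sit inside the callback registered for alert output, with `fp` pointing at the report file opened during plugin initialisation rather than the shared alert file; the formatting and filtering logic above is independent of that wiring, so it can be unit-tested on its own.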