[Snort-users] Preprocessor Event Documentation

Nigel Houghton nhoughton at ...1935...
Wed Aug 19 17:53:14 EDT 2009


On Wed, Aug 19, 2009 at 4:40 PM, John Duksta<jduksta at ...11827...> wrote:
> Does any useful documentation of the preprocessor events exist?
> I've never seen any and I could really use some for my SOC analysts.
>
> Thanks,
> -j
>
>
> --
> John Duksta <jduksta at ...11827...>
> Can't sleep, clowns will eat me.
>
> ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
> trial. Simplify your report design, integration and deployment - and focus on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>


The preprocessor event docs can be found in the rules tarball with all
the other rule event docs. The format for the filenames is
GID-SID.txt.

-- 
Nigel Houghton
Head Mentalist
SF VRT
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/




More information about the Snort-users mailing list