| Subject: | Re: [Snort-users] Output Plugin writing |
|---|---|
| Date: | Thu, 26 Apr 2007 15:27:11 -0400 |
Have you ever looked at the custom output options? Search for the
word "redalert" in your snort.conf.
+---------------------------------------------------------------------+
Joel Esler Security Consultant
gpg key: http://demo.sourcefire.com/jesler.pgp.key
+---------------------------------------------------------------------+
On Apr 26, 2007, at 3:19 PM, eschnei@CLEMSON.EDU wrote:
Hi, I am a new snort user, I've been able to write some customized rules and look at different output options snort provides as a default. I want to have it only called when I hit my customized rules, and then based on the rule it hits and the attributes for the rule, I want the alert and packet data written to a specific file that isn't the alert file the other snort rules use. That being said, I am having trouble setting up the plugin, the different functions that need to be inside of it so snort can use it. Does anybody have a good template I might be able to use?

Thanks for your help.

Brian

_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
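
The custom rule type mechanism the reply points to, sketched as an added example that is not part of the original thread: a Snort 2.x `ruletype` block ties its own output plugins to any rule that uses the type name as its action. The type name `customalert`, both file names, the rule and its sid are constructed for illustration.

```conf
# snort.conf fragment (Snort 2.x syntax).
# Declare the custom rule type before any rule that uses it.
ruletype customalert
{
    # Behave like the built-in "alert" action (generate an alert, log the packet).
    type alert

    # Output plugins attached to this rule type (file names are constructed).
    # One-line alerts go to a dedicated file in the log directory:
    output alert_fast: custom_alerts.txt
    # Packet data for the same events is kept as pcap for later analysis:
    output log_tcpdump: custom_packets.pcap
}

# A local rule uses the type name in place of alert/log/pass.
# Constructed example rule; sid taken from the local range (>= 1000000).
customalert tcp $EXTERNAL_NET any -> $HOME_NET 8080 (msg:"LOCAL custom rule hit"; content:"/admin"; nocase; sid:1000001; rev:1;)
```

Running `snort -T -c snort.conf` parses the configuration and exits, which confirms the rule type and the rule load before the sensor is restarted.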