Hosting Provided By

Re: [Snort-devel] Plugin

From: Chris Green <cmg(at)uab.edu>
Date: Fri Feb 13 2004 - 09:40:49 EST

Martin Roesch <roesch@sourcefire.com> writes:

> Look in the templates directory in the Snort source repository.
>

Don't do that unless it's been updated recently. Those templates have been out of date for quite a while.

If you want to add a keyword, look at detection-plugins/*.c. If you want to add something that looks at all traffic, look at the preprocessors/*.c -- spp_rpc_decode.c is one of the simpler ones.

-- 
Chris Green 
Chicken's thinkin'



-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
_______________________________________________
Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel

Received on Fri Feb 13 09:47:05 2004

This message: [ Message body ]
Next message: Martin Roesch: "Re: [Snort-devel] Plugin"
Previous message: Ganu Skop: "[Snort-devel] Making Current Problem"
Next in thread: Martin Roesch: "Re: [Snort-devel] Plugin"
Reply: Martin Roesch: "Re: [Snort-devel] Plugin"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:12 EDT