Snort mailing list archives

How to use alertAdd to generate a "variable" alert message?
From: Hai Minh Nguyen <lightsea90 () gmail com>
Date: Sat, 25 May 2013 23:16:18 +0700

Hi,

I'm using _dpd.alertAdd to raise an alert in my dynamic preprocessor. But I
face a problem:

I ran this code:

char alert[256];                 /* message buffer, a local of the preprocessor function */
double score = MyFunction();     /* per-packet value I want to show in the alert text */
snprintf(alert, sizeof alert, "Alert: Score = %lf", score);
_dpd.alertAdd(DPX_GID, DPX_DST_SID, 1, 0, 3, alert, 0);   /* gid, sid, rev, class, priority, msg, rule_info */

I'm using two output modules to check it: alert_fast and unified2 (to MySQL
via barnyard2). I checked the result in the alert_fast output file, but it didn't
show the correct alert message (e.g. "Alert: Score = 10.00000")! In fact,
the message contains special characters.

For the MySQL database, barnyard2 can't save the alert with the message, so it
saves it as "Snort: Alert"; it noted that the trouble is with sid-msg.map and
gen-msg.map.

Could you please tell me how to solve my problem? How can I get the correct
message and save the alert with it in the Snort database?

-- 
Sword Demon Dugu Qiubai (Độc Cô Cầu Bại) - Ah, a glorious lifetime, wishing only to be
defeated once, yet no one has ever lasted past three moves!!!
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
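Added example (not code from the post above and not Snort's own source): a small C stand-in for a deferred event queue that shows one mechanism producing exactly the "special characters" symptom described. When a logger keeps only the pointer to the message and formats it after the caller has returned, the text that actually reaches the output is whatever the buffer holds at drain time, not what it held when the alert was raised; a local buffer like the poster's `alert[256]` has gone out of scope by then. The queue, the `scratch` buffer, the `run_demo` helper and the numeric values used for `DPX_GID` / `DPX_DST_SID` are all assumptions of this example; whether Snort's queue copies the message or not is not established by the post itself, so the example shows both behaviours side by side.

```c
#include <stdio.h>
#include <string.h>

/* Placeholder IDs: the poster's real DPX_GID / DPX_DST_SID values are not on the page. */
#define DPX_GID     1000001u
#define DPX_DST_SID 1u

#define MAX_EVENTS 8
#define MSG_MAX    256

/* Hypothetical deferred event queue: entries are added now and only
 * formatted for output after the caller has returned.  This mirrors the
 * timing of a real IDS event queue but is not Snort's code. */
struct event {
    unsigned    gid;
    unsigned    sid;
    const char *msg;   /* only a pointer is kept; this is the hazard */
};

static struct event queue[MAX_EVENTS];
static int          queue_len;

/* Per-entry copies of the message text, owned by the queue, valid until drained. */
static char msg_store[MAX_EVENTS][MSG_MAX];

typedef int (*add_fn)(unsigned gid, unsigned sid, const char *msg);

/* Pointer-storing variant: whatever the caller's buffer holds when the
 * queue drains is what gets logged. */
static int queue_add_ptr(unsigned gid, unsigned sid, const char *msg)
{
    if (queue_len >= MAX_EVENTS)
        return -1;
    queue[queue_len].gid = gid;
    queue[queue_len].sid = sid;
    queue[queue_len].msg = msg;
    queue_len++;
    return 0;
}

/* Copying variant: the text is duplicated into storage the queue owns,
 * so later changes to the caller's buffer cannot affect the logged line. */
static int queue_add_copy(unsigned gid, unsigned sid, const char *msg)
{
    if (queue_len >= MAX_EVENTS)
        return -1;
    snprintf(msg_store[queue_len], MSG_MAX, "%s", msg);
    return queue_add_ptr(gid, sid, msg_store[queue_len]);
}

/* Preprocessor-style caller.  One scratch buffer is reused for every alert,
 * which is the deterministic equivalent of a stack local that is gone (or
 * overwritten) by the time the queue is drained. */
static char scratch[MSG_MAX];

static void raise_alert(add_fn add, double score)
{
    snprintf(scratch, sizeof scratch, "Alert: Score = %.2f", score);
    add(DPX_GID, DPX_DST_SID, scratch);
}

/* Drain the queue into 'out' the way a text alert output would, then reset.
 * Returns the number of lines written. */
static int queue_flush(char out[][MSG_MAX], int max_out)
{
    int n = 0;
    for (int i = 0; i < queue_len && n < max_out; i++, n++)
        snprintf(out[n], MSG_MAX, "[%u:%u] %s", queue[i].gid, queue[i].sid, queue[i].msg);
    queue_len = 0;
    return n;
}

/* Raise two alerts with different scores in one pass, drain, and return the
 * formatted line at index 'idx' (0 or 1).  use_copy selects the variant. */
static const char *run_demo(int use_copy, int idx)
{
    static char out[MAX_EVENTS][MSG_MAX];
    add_fn add = use_copy ? queue_add_copy : queue_add_ptr;
    queue_len = 0;
    raise_alert(add, 10.0);
    raise_alert(add, 42.5);
    int n = queue_flush(out, MAX_EVENTS);
    return (idx >= 0 && idx < n) ? out[idx] : "";
}

int main(void)
{
    for (int i = 0; i < 2; i++)
        printf("pointer-storing queue: %s\n", run_demo(0, i));   /* both lines say 42.50 */
    for (int i = 0; i < 2; i++)
        printf("copying queue:         %s\n", run_demo(1, i));   /* 10.00 then 42.50 */
    return 0;
}
```

With the pointer-storing queue both drained lines carry the second score, because both entries point at the same buffer; with a stack local instead of `scratch` the contents at drain time are undefined, which is where arbitrary bytes in the alert text come from. The copying variant is the pattern to use on the preprocessor side when the API cannot be assumed to copy: keep the message text in storage that outlives the call. The barnyard2 half of the problem is separate: unified2 records carry the generator and signature IDs, not the message text, and barnyard2 fills the message in from gen-msg.map / sid-msg.map, so a message that varies per alert cannot be reconstructed from those maps no matter how the buffer is handled.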
