Re: reference port data in rule msg

[Brian <bmc () snort org>]

According to Stephen Gill:
> Hi all,
> Does anyone know if there is a way to reference the actual tcp/udp port
> and/or other information of a packet when it matches a particular rule
> (ie.  protocol, etc.)?  I would like to configure a snort rule with a
> dynamic text message based on the actual port that is being probed.  I
> would like all traffic destined to a particular IP address to be logged
> as a probe along with the actual port and protocol information in the
> text field.  

Why don't you write your own output plugin?  Or use the customizable
plugin, spo_csv.  (Not that fast, but the Andrew's version in barnyard
rocks)

-brian

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users