[Oisf-devel] Helloworld Detection Plugin not working completely
Paul Mroszczyk
paul.mroszczyk.1 at gmail.com
Tue Nov 18 21:16:42 UTC 2014
Okay, I figured it out by debugging. Maybe someone else will find this
useful in the future:
It turns out that adding a detection plugin is not merely enough to
see it in action. What I wish the tutorial would mention is that you
also need to add a rule that will reference that plugin. Here's an
example line that I added to one of the rules files to make it work:
alert tcp any any -> any any (msg:"helloworld 1"; helloworld:blabla; sid:2219987; rev:2;)
During initialisation, as this rule was read, helloworld's setup
function was finally called.
Paul
On 11/18/14, Paul Mroszczyk <paul.mroszczyk.1 at gmail.com> wrote:
> Hello everyone. I have a question that might be a no-brainer for anyone who's
> tried this before. I'm trying to write a detection plugin for
> Suricata, and I started off with the official helloworld plugin
> (https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Packet_Inspection_Module).
> It compiles and runs, but the only function that I see ever called is
> the registration function (void DetectHelloWorldRegister(void)),
> nothing else. Setup function does not get called, neither does a
> matching function. Is it maybe a matter of configuration? What am I
> doing wrong?
>
> I used the configuration that is installed by "make install-full".
>
>
> Paul Mroszczyk
>
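Added example, not part of the original thread and not Suricata's own code: a simplified C model of the behaviour described above, where registration only stores callbacks and a keyword's setup function runs only when a loaded rule names that keyword. The table layout, the function names and the first sample rule are constructed for illustration; the second rule is the one from the message.

```c
#include <stdio.h>
#include <string.h>

/* Simplified keyword table: registering a keyword only stores its callbacks. */
typedef struct { const char *name; int (*setup)(const char *arg); } Keyword;
static Keyword table[8];
static int n_keywords, setup_calls;

static int hello_setup(const char *arg) {
    setup_calls++;
    printf("helloworld setup called with '%s'\n", arg);
    return 0;
}

/* Stand-in for the plugin's registration function: runs at startup, calls nothing. */
void register_helloworld(void) {
    table[n_keywords].name = "helloworld";
    table[n_keywords].setup = hello_setup;
    n_keywords++;
}

/* Walk the "keyword:value;" options inside (...) and dispatch to setup callbacks.
 * Returns how many registered keywords the rule referenced. Simplified: does not
 * handle ';' inside quoted values. */
int load_rule(const char *rule) {
    char buf[256];
    int hits = 0;
    const char *open = strchr(rule, '(');
    if (open == NULL) return 0;
    snprintf(buf, sizeof buf, "%s", open + 1);
    for (char *opt = buf, *end; opt != NULL; opt = end) {
        end = strchr(opt, ';');
        if (end) *end++ = '\0';
        while (*opt == ' ') opt++;
        char *val = strchr(opt, ':');
        if (val) *val++ = '\0';
        for (int i = 0; i < n_keywords; i++)
            if (strcmp(opt, table[i].name) == 0 && table[i].setup(val ? val : "") == 0)
                hits++;
    }
    return hits;
}

int main(void) {
    register_helloworld();
    /* Constructed rule that does not reference the keyword: setup never runs. */
    load_rule("alert tcp any any -> any any (msg:\"no plugin\"; sid:1; rev:1;)");
    printf("setup calls without keyword in rules: %d\n", setup_calls);
    load_rule("alert tcp any any -> any any (msg:\"helloworld 1\"; helloworld:blabla; sid:2219987; rev:2;)");
    printf("setup calls after rule with keyword: %d\n", setup_calls);
    return 0;
}
```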