[Oisf-devel] Add custom field to a decoder event?
Adrian Falk
adrianfalk2 at gmail.com
Fri Dec 12 15:37:27 UTC 2014
Added subject.
On Fri, Dec 12, 2014 at 10:30 AM, Adrian Falk <adrianfalk2 at gmail.com> wrote:
>
> From an app layer pre-processor , when AppLayerDecoderEventsSetEventRaw()
> is called, is it possible to add a custom field into the decoder event? An
> example of a custom field would be a field extracted from a packet that
> triggered the decoder event that I would like to have show up in a Suricata
> alert.
>
> Thanks.
>
> _______________________________________________
> Suricata IDS Devel mailing list: oisf-devel at openinfosecfoundation.org
> Site: http://suricata-ids.org | Participate:
> http://suricata-ids.org/participate/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
> Redmine: https://redmine.openinfosecfoundation.org/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20141212/201b4f58/attachment.html>
More information about the Oisf-devel
mailing list