[Oisf-devel] Add custom field to a decoder event?
Victor Julien
victor at inliniac.net
Fri Dec 12 16:13:16 UTC 2014
On 12/12/2014 04:37 PM, Adrian Falk wrote:
> From an app layer pre-processor , when
> AppLayerDecoderEventsSetEventRaw() is called, is it possible to add
> a custom field into the decoder event? An example of a custom field
> would be a field extracted from a packet that triggered the decoder
> event that I would like to have show up in a Suricata alert.
No, it's just an id that the rule language uses to match an
app-layer-event against. No other info is made available currently.
What would you need to pass back?
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-devel
mailing list