[Oisf-devel] Possible Feature Request

Victor Julien victor at inliniac.net
Fri May 9 12:26:42 UTC 2014


On 05/08/2014 11:06 PM, Gofran, Paul wrote:
> I wanted to know if I should submit a feature request to allow LUA
> scripts to be able to return string(s)?  I found Feature #783 that may
> cover this functionality but it sounds like it’s recommending a unique
> number to be returned.  It would be nice if 1 or more strings could be
> returned that could represent at least a description for the alert to be
> logged if not also an alert name or possibly other variables.  This
> would be useful if a LUA script is performing multiple functions and
> wants to alert which function has triggered a hit.

This is something that would indeed be nice, especially with the
scripts. Also, a pcre option to capture data to log would be
interesting. I think with the json outputs we could fairly easily add a
field.

So far one of the reasons not to have this was that the original output
formats we supported (fast, unified2) were meant to be compatible with
Snort and these formats don't allow for such dynamic data to be added.

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------



