[Oisf-devel] Helloworld Detection Plugin not working completely
Victor Julien
victor at inliniac.net
Mon Nov 24 11:24:03 UTC 2014
On 11/18/2014 10:16 PM, Paul Mroszczyk wrote:
> Okay, I figured it out by debugging. Maybe some else will find this
> useful in the future:
>
> It turns out that adding a detection plugin is not merely enough to
> see it in action. What I wish the tutorial would mention is that you
> also need to add a rule that will reference that plugin. Here's an
> example line that I added to one of the rules files to make it work:
>
> alert tcp any any -> any any (msg:"helloworld 1"; helloworld:blabla;
> sid:2219987; rev:2;)
>
> During initilisation, as this rule was read, helloworld's setup
> function was finally called.
I've added a small note to the wiki page. Thanks for the feedback!
Cheers,
Victor
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-devel
mailing list