[Oisf-users] LUA Signature Debugging

Clark Kent ctyk3322 at gmail.com
Thu Nov 22 16:30:35 UTC 2018


Hopefully this is the right forum for this. If not, please feel free to
point me in the right direction that is appropriate. I am looking for some
guidance and suggestions on debugging LUA scripts for signature detection.

Is there a way to print out variable/data values after replaying a PCAP to
get a sense of what value is getting pulled or stored? If not, is there a
suggestion on how to read in a PCAP to get the representative value like "p =
SCPacketPayload()" or "a, o, e = HttpGetResponseBody();" as you would from
Suricata? I know I could run a LUA script as a standalone to troubleshoot
syntax or the like, but I wasn't sure how to recreate the flows, HTTP
traffic, and traffic of the sort that Suricata does for you when you replay
the traffic.

I am still fairly new to LUA scripting and writing LUA signatures, so it
would be helpful to see if I am seeking and grabbing the right XX bytes in the
traffic.

Thank you in advance for any guidance or suggestions.