Snort-Output XML Plugin Practice
Author: gnicky, URL: http://blog.9cbs.net/loconfuse
After analysis comes practice. The system has Snort 2.2.0 installed, which should be the latest version. In my earlier experimental tinkering it was sometimes confusing: parameters were added during configuration, and then a certain file was missing at startup. Presumably the file did not grow legs; the problem lies with the added parameters. PostgreSQL leaves me speechless, and wrestling with it is tiring too.
I came in this morning and solved the leftover file problem, then started Snort to see what would happen, and found that the keyword is actually accepted. Why? The earlier work was to use Snort 1.8 to compile SPO_XML and put it in the Output_Plugin folder; I did not expect that to actually get through. Progress is always full of twists and turns. That problem was behind me, but a new one appeared: the original Unknown OutputPlugin "XML" has become Unknown PreProcessor "http_inspect_server". Bear in mind that preprocessors live in the SPP_XX plugin files; very likely something conflicted when I made the modifications, or was overwritten unintentionally!
In short, I first deployed the last-revised Snort-2.0.0 version in another folder; the result was even sadder.
There is an error at line 28 of SPO_XML.C, most likely a basic syntax error. Including the setupxml function, I have not read the program through completely, and it looks like that will not do.