| Search Site |
| Search Rules |
| Account |
| not registered? |
| can't login? |
| user preferences |
 |
 |
|
|||||||||||||||||||
Next: Frag2 Up: Configuring Snort Previous: Directives Contents
Preprocessors
Preprocessors were introduced in version 1.5 of Snort. They allow the functionality of Snort to be extended by allowing users and programmers to drop modular plugins into Snort fairly easily. Preprocessor code is run before the detection engine is called, but after the packet has been decoded. The packet can be modified or analyzed in an out-of-band manner using this mechanism.
Preprocessors are loaded and configured using the preprocessor keyword. The format of the preprocessor directive in the Snort rules file is:
preprocessor <name>: <options>
Subsections
- Frag2
- Frag3
- Stream4
- Flow
- Portscan
- Flow-Portscan
- sfPortscan
- Telnet Decode
- RPC Decode
- Performance Monitor
- HTTP Inspect
- Global Configuration
- Format
- Example Global Configuration
- Server Configuration
- Example Default Configuration
- Example IP Configuration
- Server Configuration Options
- Example
- Examples
- SMTP Preprocessor
- FTP/Telnet Preprocessor
- Global Configuration
- Format
- Example Global Configuration
- Telnet Configuration
- Format
- Example Telnet Configuration
- FTP Server Configuration
- Example Default FTP Server Configuration
- Example IP specific FTP Server Configuration
- FTP Server Configuration Options
- FTP Client Configuration
- Example Default FTP Client Configuration
- Example IP specific FTP Client Configuration
- FTP Client Configuration Options
- Examples/Default Configuration from snort.conf
- SSH
- DCE/RPC
- DNS
- ASN.1 Detection
Steven Sturges 2006-12-08
| site feedback | Terms of Use | Privacy Policy | forum archives ©2007 Snort and Sourcefire are registered trademarks of Sourcefire, Inc. All rights reserved. |