| Search Site |
| Search Rules |
| Account |
| not registered? |
| can't login? |
| user preferences |
 |
 |
|
|||||||||||||||||||
Next: Frag3 Up: Configuring Snort Previous: Directives Contents
Preprocessors
Preprocessors were introduced in version 1.5 of Snort. They allow the functionality of Snort to be extended by allowing users and programmers to drop modular plugins into Snort fairly easily. Preprocessor code is run before the detection engine is called, but after the packet has been decoded. The packet can be modified or analyzed in an out-of-band manner using this mechanism.
Preprocessors are loaded and configured using the preprocessor keyword. The format of the preprocessor directive in the Snort rules file is:
preprocessor <name>: <options>
Subsections
- Frag3
- Stream4
- Flow
- Stream5
- Transport Protocols
- Target-Based
- Stream API
- Anomaly Detection
- Stream5 Global Configuration
- Stream5 TCP Configuration
- Stream5 UDP Configuration
- Stream5 ICMP Configuration
- Example Configurations
- Alerts
- sfPortscan
- RPC Decode
- Performance Monitor
- HTTP Inspect
- Global Configuration
- Format
- Example Global Configuration
- Server Configuration
- Example Default Configuration
- Example IP Configuration
- Server Configuration Options
- Example
- Examples
- SMTP Preprocessor
- FTP/Telnet Preprocessor
- Global Configuration
- Format
- Example Global Configuration
- Telnet Configuration
- Format
- Example Telnet Configuration
- FTP Server Configuration
- Example Default FTP Server Configuration
- Example IP specific FTP Server Configuration
- FTP Server Configuration Options
- FTP Client Configuration
- Example Default FTP Client Configuration
- Example IP specific FTP Client Configuration
- FTP Client Configuration Options
- Examples/Default Configuration from snort.conf
- SSH
- DCE/RPC
- DNS
Steven Sturges 2007-10-04
| site feedback | Terms of Use | Privacy Policy | forum archives ©2008 Snort and Sourcefire are registered trademarks of Sourcefire, Inc. All rights reserved. |