Network Security: Detailed info on Re: [Snort-users] Is there any documentation showing how to write a snor

Subject:	Re: [Snort-users] Is there any documentation showing how to write a snort plugin?
Date:	Mon, 13 Nov 2006 08:18:27 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There are no documents or templates on writing output plugins,  
however you can follow the preprocessor template (spp_template.c) in  
the templates directory for general guidance and then look at one of  
the simpler output plugins like spo_log_null.c (95 lines of code, the  
first 38 of which are comments) for a basic look at how output  
plugins go together.

      -Marty

On Nov 8, 2006, at 8:28 PM, John Draper wrote:

Hi,

I checked all the docs on the snort web site,  but didn't see any
details on how to write a
snort plugin.

Does anyone on this list know of any sites or documentation showing  
how
to write
a "spo" type module?

I just need an overview and a list of the callbacks or calls or
whatever....  and to understand
the concept in general without having to spend days and hours to grope
through tons of
source code...

Thanx
John


---------------------------------------------------------------------- 
---
Using Tomcat but need to do more? Need to support web services,  
security?
Get stuff done quickly with pre-integrated technology to make your  
job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache  
Geronimo
http://sel.as-us.falkag.net/sel? 
cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


- --
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iD8DBQFFWHCkqj0FAQQ3KOARAr4BAJ94tW5l17bMgWm3nbpI2VTw7dqilACZAU6t
KK4XHAcSUewLRrP11haGMmE=
=u+NZ
-----END PGP SIGNATURE-----

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

<Prev in Thread]	Current Thread	[Next in Thread>
[Snort-users] Is there any documentation showing how to write a snort plugin?, John Draper Re: [Snort-users] Is there any documentation showing how to write a snort plugin?, Martin Roesch <= Re: [Snort-users] Is there any documentation showing how to write a snort plugin?, John Draper Re: [Snort-users] Is there any documentation showing how to write a snort plugin?, Martin Roesch Re: [Snort-users] Is there any documentation showing how to write a snort plugin?, Jason Brvenik Re: [Snort-users] Is there any documentation showing how to write a snort plugin?, Justin Heath

Previous by Date:	Re: [Snort-users] inline snort at 400 mb ?, Roger Harris
Next by Date:	[Snort-users] Extracting reports per IP address, Landon Stewart \| Superb Internet Corp.
Previous by Thread:	[Snort-users] Is there any documentation showing how to write a snort plugin?, John Draper
Next by Thread:	Re: [Snort-users] Is there any documentation showing how to write a snort plugin?, John Draper
Indexes:	[Date] [Thread] [Top] [All Lists]