Snort mailing list archives

Re: Is there any documentation showing how to write a snort plugin?


From: Martin Roesch <roesch () sourcefire com>
Date: Mon, 13 Nov 2006 08:18:27 -0500


There are no documents or templates on writing output plugins;
however, you can follow the preprocessor template (spp_template.c) in
the templates directory for general guidance and then look at one of
the simpler output plugins like spo_log_null.c (95 lines of code, the
first 38 of which are comments) for a basic look at how output
plugins go together.

      -Marty

On Nov 8, 2006, at 8:28 PM, John Draper wrote:

Hi,

I checked all the docs on the snort web site, but didn't see any
details on how to write a snort plugin.

Does anyone on this list know of any sites or documentation showing
how to write a "spo" type module?

I just need an overview and a list of the callbacks or calls or
whatever.... and to understand the concept in general without having
to spend days and hours to grope through tons of source code...

Thanx
John


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


--
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org






