Snort mailing list archives

Graph based IDS


From: Florian Klickermann <florian.klickermann () gmail com>
Date: Fri, 10 May 2013 10:53:03 +0200

Hi,
I'm a new user of snort and I want to develop a graph based IDS module for
it. This graph based module should use the sniffed TCP/IP connections from
snort to check if the connection is new or not.
Therefore I need a Snort Specification document but I can't find it.
I need the following information for my project:
- Which variable saves the IP address or can I create a rule which sends
all IP connections to a file or a variable?
- Through which API can I include my new module?
- Do I need a new preprocessor for my project?
Thanks in advance!
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
