Snort mailing list archives
Re: Help: Piglet Test Harness
From: "Joel Cornett (jocornet)" <jocornet () cisco com>
Date: Wed, 9 Sep 2015 16:20:37 +0000
Hi, I'm going to test performance of my own plugin (pattern_matching.cc and pattern_matching.h) into Snort detection engine. But I need to perform individual testing first before implement them (obviously) and to be honest I am totally new in this. I read some info about piglet test harness that provide this kind of thing and tried to find some more development examples in /piglet_script source tree in https://github.com/snortadmin/snort3/tree/master/piglet_scripts as stated in blog.snort.org/2015/07/snort-introducing-piglet.html, however the page gave me 404 error. I found other piglet folders such as: 1) https://github.com/snortadmin/snort3/tree/master/src/piglet 2<https://github.com/snortadmin/snort3/tree/master/src/piglet%202>)
Contains the source code for the piglet test runner.
2) https://github.com/snortadmin/snort3/tree/master/src/piglet_plugins 3<https://github.com/snortadmin/snort3/tree/master/src/piglet_plugins%203>)
Contains additional source code for the test runner (specializations for each plugin type).
3) https://github.com/snortadmin/snort3/tree/master/piglet/tests
Contains “Unit” tests (in Lua) for the Piglet/Lua interface.
I'm not really sure if these 3 folders are the one mentioned in the blog.snort.org. If it is not the right one, can you help pointing me in the right direction?
From /piglet/tests/instance/ folder in github, I noticed that it contains some of plugin files in Lua format. Do I have to create Lua file and write test script for my plugin exactly like that?Where do I need to place that test script? Do I have to modify my .cc or .h plugin files? To run the piglet test, I need to add -enable-piglet in configure file in main folder right?
You should not need to modify your plugin source files in order to test them using Piglet. You *will* have to compile the source with the piglet enabled. The instructions for how to do this can be found in the snort manual. You can also see the build script help (./configure --help for automake, ./configure_cmake --help for cmake) to determine the correct flag to use. To run the test, you can specify the location of the script (can be a directory or a single file) using the --script-path command-line option. Specify piglet mode with the --piglet flag. The Piglet test harness is still very much a work in progress. Unfortunately, there is not yet full support for the Search Engine plugin type in the Piglet test harness. Most likely, this support will be added in the next few updates.
I would greatly appreciate it if you could give me some feedback on this matter. Many thanks!
Let me know if there is anything else I can clear up for you! Best, Joel Cornett | Software Engineer - Cisco jocornet () cisco com ------------------------------------------------------------------------------ Monitor Your Dynamic Infrastructure at Any Scale With Datadog! Get real-time metrics from all of your servers, apps and tools in one place. SourceForge users - Click here to start your Free Trial of Datadog now! http://pubads.g.doubleclick.net/gampad/clk?id=241902991&iu=/4140 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Help: Piglet Test Harness Siti Farhana Binti Lokman (Sep 02)
- <Possible follow-ups>
- Re: Help: Piglet Test Harness Joel Cornett (jocornet) (Sep 09)
- Re: Help: Piglet Test Harness Joel Cornett (jocornet) (Sep 09)
- Re: Help: Piglet Test Harness Joel Cornett (jocornet) (Sep 11)