Snort mailing list archives

Can Snort notify a user program when it finishes processing a packet?


From: Chang Liu <gaustin909 () gmail com>
Date: Tue, 25 Oct 2016 12:50:31 -0700

Dear all,

I am trying to integrate Snort in my program.
The function I want to implement is that my program sends a packet to
Snort, Snort processes this packet and notifies me when it finishes
processing, and my program reads the alerts triggered, if any.

I have tried a couple of solutions but am still not satisfied:
- Run a Snort instance every time there is a new packet to send. However,
there is a long overhead in loading Snort before it starts commencing
packets, and the internal relationship between packets is lost.
- Run Snort to listen on an interface, and send the packet to that interface.
Monitor the snort_alert file to tell whether the packet has finished processing
or not. However, most packets are benign and hence won't trigger any alerts
at all.

Any suggestions to solve this problem? Is it possible to get a notification
from Snort every time it finishes processing a packet?

Any help is appreciated. Thanks.
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
