Snort mailing list archives

Re: [Snort++] Trying to integrate a custom Inspector


From: Ronin CS <ronincs17 () gmail com>
Date: Wed, 3 May 2017 16:42:25 -0300

Thank you Marcin!

Using the codec example provided by Albert Lewis and these steps, I managed
to integrate my code into Snort!
One last question: does the --enable-debug-msgs option make visible the
text inside a LogMessage() method?

Ronin.

On Wed, May 3, 2017 at 11:22 AM, Marcin Dulak <marcin.dulak () gmail com>
wrote:

Hi,

you are missing a change to extra/configure.ac - this is what the process
may look like:

autoreconf -isvf
./configure --prefix=/tmp/snort --exec_prefix=/tmp/snort --disable-static-daq --enable-debug-msgs --enable-debug
make install
cd extra
sed -i '/dpx/asrc/inspectors/test/Makefile \\' ./configure.ac
cp -r src/inspectors/dpx/ src/inspectors/test
mv src/inspectors/test/dpx.cc src/inspectors/test/test.cc
sed -i 's/dpx/test/g' src/inspectors/test/Makefile.am
sed -i 's/dpx/dpx \\/' src/inspectors/Makefile.am && sed -i '/dpx/atest' src/inspectors/Makefile.am
autoreconf -isvf
PKG_CONFIG_PATH=../ ./configure --prefix=/tmp/snort
make install

Marcin


On Mon, May 1, 2017 at 11:14 PM, Ronin CS <ronincs17 () gmail com> wrote:

Hello guys,

I'm trying to learn more about Snort++ and Inspectors as I develop my own
module to test on it, but I'm having a lot of issues while building the
extras again.

So far, I've created a super simple Inspector; all it does is print
basic packet information every time it goes through the "eval" method.

I'm taking the "DPX Inspector" as a basis for my Inspector, so I've
created a new folder inside /extra/inspectors, let's say, "test", and
inside of it I have the Inspector itself "test.cc" and two other files
copied from the "dpx" directory, "CMakeLists.txt" and "Makefile.am".

I've modified these last two files to match my new Inspector. Same for
the files at /extra/inspectors.

But when I try to build it using "make", I receive:

make[4]: Leaving directory '/home/ronin/snort_src/snort3-master/extra/src/inspectors/dpx'
make[3]: Leaving directory '/home/ronin/snort_src/snort3-master/extra/src/inspectors/dpx'
Making install in test
make[3]: Entering directory '/home/ronin/snort_src/snort3-master/extra/src/inspectors/test'
make[3]: *** No rule to make target 'install'.  Stop.
make[3]: Leaving directory '/home/ronin/snort_src/snort3-master/extra/src/inspectors/test'
Makefile:369: recipe for target 'install-recursive' failed
make[2]: *** [install-recursive] Error 1
make[2]: Leaving directory '/home/ronin/snort_src/snort3-master/extra/src/inspectors'
Makefile:373: recipe for target 'install-recursive' failed
make[1]: *** [install-recursive] Error 1
make[1]: Leaving directory '/home/ronin/snort_src/snort3-master/extra/src'
Makefile:407: recipe for target 'install-recursive' failed
make: *** [install-recursive] Error 1

To be honest, I don't know the correct way to do it (integrate a new
Inspector). I've searched for references but I couldn't find anything.

Ronin.

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel

Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
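
Added example (not part of the thread and not Snort project code): a pre-build check for the mismatch Marcin's reply points at, where a directory is listed in SUBDIRS of src/inspectors/Makefile.am but has no "src/inspectors/<name>/Makefile" entry in extra/configure.ac. The function names and the sample tree are constructed for illustration; the file layout is assumed from the sed commands in the reply.

```shell
#!/bin/sh
# Report inspector subdirectories that make will recurse into but that
# configure.ac never registers, so no Makefile is generated for them.

# Print the entries of SUBDIRS in a Makefile.am, one per line,
# following backslash line continuations.
list_subdirs() {
    awk '
        /^SUBDIRS[ \t]*[+]?=/ { grab = 1; sub(/^SUBDIRS[ \t]*[+]?=/, "") }
        grab {
            more = ($0 ~ /\\[ \t]*$/)   # does this line continue?
            gsub(/\\/, " ")              # drop the continuation marker
            for (i = 1; i <= NF; i++) print $i
            if (!more) grab = 0
        }
    ' "$1"
}

# Print each SUBDIRS entry with no matching Makefile line in configure.ac.
# $1 is the path of the "extra" source directory.
unregistered_inspectors() {
    extra=$1
    for name in $(list_subdirs "$extra/src/inspectors/Makefile.am"); do
        grep -qF "src/inspectors/$name/Makefile" "$extra/configure.ac" ||
            echo "$name"
    done
}

# Constructed sample tree (not the real Snort 3 files): "test" is in
# SUBDIRS but was never added to configure.ac, as in the original post.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/src/inspectors/dpx" "$dir/src/inspectors/test"
    printf 'SUBDIRS = \\\ndpx \\\ntest\n' > "$dir/src/inspectors/Makefile.am"
    printf 'AC_CONFIG_FILES([ \\\nMakefile \\\nsrc/inspectors/dpx/Makefile \\\n])\n' \
        > "$dir/configure.ac"
    echo "$dir"
}

tree=$(make_sample_tree)
unregistered_inspectors "$tree"
rm -rf "$tree"
```

Run against a real checkout as `unregistered_inspectors /path/to/extra` before `autoreconf -isvf`; any name it prints still needs its Makefile line in configure.ac.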


