Snort mailing list archives
Re: [Snort++] Trying to integrate a custom Inspector
From: Russ <rucombs () cisco com>
Date: Thu, 4 May 2017 09:39:02 -0400
On 5/3/17 3:42 PM, Ronin CS wrote:
> Thank you Marcin!
> Using the codec example provided by Albert Lewis and these steps, I
> managed to integrate my code into Snort!

Nice work! Please note that you can build completely externally to Snort++ source. Just make and install Snort++ and the extras and point your include path to the installed headers.

> One last question, does the --enable-debug-msgs option make visible the
> text inside a LogMessage() method?

No. LogMessage() is output unless -q is specified. DebugMessage() and DebugFormat() are dependent on --enable-debug-messages. However, you are encouraged to use the newer and better trace facility. stream_ip is an inspector that uses that.

> Ronin.
>
> On Wed, May 3, 2017 at 11:22 AM, Marcin Dulak <marcin.dulak () gmail com> wrote:
>
>> Hi,
>>
>> you are missing a change to extra/configure.ac - this is what the process may look like:
>>
>>     autoreconf -isvf
>>     ./configure --prefix=/tmp/snort --exec_prefix=/tmp/snort --disable-static-daq --enable-debug-msgs --enable-debug
>>     make install
>>     cd extra
>>     sed -i '/dpx/asrc/inspectors/test/Makefile \\' ./configure.ac
>>     cp -r src/inspectors/dpx/ src/inspectors/test
>>     mv src/inspectors/test/dpx.cc src/inspectors/test/test.cc
>>     sed -i 's/dpx/test/g' src/inspectors/test/Makefile.am
>>     sed -i 's/dpx/dpx \\/' src/inspectors/Makefile.am && sed -i '/dpx/atest' src/inspectors/Makefile.am
>>     autoreconf -isvf
>>     PKG_CONFIG_PATH=../ ./configure --prefix=/tmp/snort
>>     make install
>>
>> Marcin
>>
>> On Mon, May 1, 2017 at 11:14 PM, Ronin CS <ronincs17 () gmail com> wrote:
>>
>>> Hello guys,
>>>
>>> I'm trying to learn more about Snort++ and Inspectors as I develop my own module to test on it, but I'm having a lot of issues while building the extras again.
>>>
>>> So far, I've created a super simple Inspector, that all it does is print basic packet information every time it goes through the "eval" method.
>>>
>>> I'm taking the "DPX Inspector" as a basis for my Inspector, so I've created a new folder inside /extra/inspectors, let's say, "test", and inside of it I have the Inspector itself "test.cc" and two other files copied from "dpx" directory, "CMakeLists.txt" and "Makefile.am". I've modified these last two files to match my new Inspector. Same for the files at /extra/inspectors.
>>>
>>> But when I try to build it using "make", I receive:
>>>
>>>     make[4]: Leaving directory '/home/ronin/snort_src/snort3-master/extra/src/inspectors/dpx'
>>>     make[3]: Leaving directory '/home/ronin/snort_src/snort3-master/extra/src/inspectors/dpx'
>>>     Making install in test
>>>     make[3]: Entering directory '/home/ronin/snort_src/snort3-master/extra/src/inspectors/test'
>>>     make[3]: *** No rule to make target 'install'. Stop.
>>>     make[3]: Leaving directory '/home/ronin/snort_src/snort3-master/extra/src/inspectors/test'
>>>     Makefile:369: recipe for target 'install-recursive' failed
>>>     make[2]: *** [install-recursive] Error 1
>>>     make[2]: Leaving directory '/home/ronin/snort_src/snort3-master/extra/src/inspectors'
>>>     Makefile:373: recipe for target 'install-recursive' failed
>>>     make[1]: *** [install-recursive] Error 1
>>>     make[1]: Leaving directory '/home/ronin/snort_src/snort3-master/extra/src'
>>>     Makefile:407: recipe for target 'install-recursive' failed
>>>     make: *** [install-recursive] Error 1
>>>
>>> To be honest, I don't know the correct way to do it (integrate a new Inspector). I've searched for references but I couldn't find anything.
>>>
>>> Ronin.
>>>
>>> ------------------------------------------------------------------------------
>>> Check out the vibrant tech community on one of the world's most
>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>> _______________________________________________
>>> Snort-devel mailing list
>>> Snort-devel () lists sourceforge net
>>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>>> Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
>>>
>>> Please visit http://blog.snort.org for the latest news about Snort!

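An added example, not part of the thread or of the Snort++ source: a shell check for the condition Marcin's reply points out, a subdirectory listed in SUBDIRS of src/inspectors/Makefile.am that has no matching Makefile entry in configure.ac, which leaves make with "No rule to make target 'install'". The function name `missing_makefiles` is hypothetical, and the example assumes SUBDIRS is written as one assignment with backslash-continued lines.

```shell
#!/bin/sh
# Added example (not from the thread or the Snort++ tree).
# Reports inspector subdirectories that src/inspectors/Makefile.am lists in
# SUBDIRS but for which configure.ac never generates a Makefile. automake
# recurses into such a directory, finds no Makefile, and stops with
# "No rule to make target 'install'".
#
# usage: missing_makefiles /path/to/extra
# Prints one subdirectory name per line; prints nothing when all are
# registered. Returns 2 if the expected files are not found.
missing_makefiles() {
    extra=$1
    am="$extra/src/inspectors/Makefile.am"
    ac="$extra/configure.ac"

    if [ ! -f "$am" ] || [ ! -f "$ac" ]; then
        echo "expected $am and $ac" >&2
        return 2
    fi

    # Join backslash-continued lines, then keep the words after "SUBDIRS =".
    # Assumption: SUBDIRS is a single assignment, as in the thread's sed edits.
    subdirs=$(sed -e ':a' -e '/\\$/N; s/\\\n/ /; ta' "$am" |
              sed -n 's/^[[:space:]]*SUBDIRS[[:space:]]*=//p')

    for d in $subdirs; do
        # configure.ac must name the generated file, e.g. the
        # "src/inspectors/test/Makefile" line added by the sed step above.
        grep -qF -- "src/inspectors/$d/Makefile" "$ac" || echo "$d"
    done
}
```

Run it from the Snort++ source directory as `missing_makefiles extra` before `autoreconf -isvf`; any name it prints still needs its line in configure.ac.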
Current thread:
- [Snort++] Trying to integrate a custom Inspector Ronin CS (May 01)
- Re: [Snort++] Trying to integrate a custom Inspector Marcin Dulak (May 03)
- Re: [Snort++] Trying to integrate a custom Inspector Ronin CS (May 03)
- Re: [Snort++] Trying to integrate a custom Inspector Russ (May 04)