Re: [SUSPECTED SPAM] Creating Snort’s W3C Output Plug-In

[Russ <rucombs () cisco com>]

That book is a little out of date at this point.  You should probably 
try to clone and modify something interesting in src/output-plugins/.  
If you need more support, have a look at Snort++ instead which will make 
it easier.  It includes a working example in the extras.

https://github.com/snortadmin/snort3.git

On 5/14/17 8:33 PM, Younes Abderrahmane wrote:
> Hello everyone
>
> I am trying to see how an output module works in SNORT
>
> So I followed the steps that were quoted in this book To create W3C Output
> plug-in:
> “*Snort 2.1 Intrusion Detection, Second Edition* ” *chapter 7 page 342*
>
> 1-I put the source files (spo_w3c.h , spo_w3c.c )in the  output-plugins
> folder
>
> 2-I added this line
>
> #include "output-plugins/spo_w3c.h"
>
> in the plugbase.c file, and the
>
> AlertW3CSetup () function; I put it in the AlertW3CSetup () function; (The
> InitOutputPlugins function does not exist)
>
> 3-in the / output-plugins folder / in the Makefile.in   I added the
> following lines
>
> Spo_w3c.c
>
> spo_w3c.h
>
> spo_w3c.$(OBJEXT)
>
> 4*-step *
>
> *./configure*
>
> *Make** (this is where the errors come from)*
>
> *make  all-recursive*
>
> *make[1]: Entering directory '/home/ids/snort_src/snort-2.9.9.0'*
>
> *Making all in src*
>
> *make[2]: Entering directory '/home/ids/snort_src/snort-2.9.9.0/src'*
>
> *Making all in sfutil*
>
> *make[3]: Entering directory '/home/ids/snort_src/snort-2.9.9.0/src/sfutil'*
>
> *make[3]: Nothing to be done for 'all'.*
>
> *make[3]: Leaving directory '/home/ids/snort_src/snort-2.9.9.0/src/sfutil'*
>
> *Making all in win32*
>
> *make[3]: Entering directory '/home/ids/snort_src/snort-2.9.9.0/src/win32'*
>
> *make[3]: Nothing to be done for 'all'.*
>
> *make[3]: Leaving directory '/home/ids/snort_src/snort-2.9.9.0/src/win32'*
>
> *Making all in output-plugins*
>
> *make[3]: Entering directory
> '/home/ids/snort_src/snort-2.9.9.0/src/output-plugins'*
>
> *Makefile:119: *** recipe commences before first target.  Stop.*
>
> *make[3]: Leaving directory
> '/home/ids/snort_src/snort-2.9.9.0/src/output-plugins'*
>
> *Makefile:540: recipe for target 'all-recursive' failed*
>
> *make[2]: *** [all-recursive] Error 1*
>
> *make[2]: Leaving directory '/home/ids/snort_src/snort-2.9.9.0/src'*
>
> *Makefile:506: recipe for target 'all-recursive' failed*
>
> *make[1]: *** [all-recursive] Error 1*
>
> *make[1]: Leaving directory '/home/ids/snort_src/snort-2.9.9.0'*
>
> *Makefile:371: recipe for target 'all' failed*
>
> *make: *** [all] Error 2*
>
> ****************************************************************************
>
>
>
> *Someone has an idea how to fix errors?*
>
> *Or if you have an example or tutorial of an output plug-in that displays
> only a message I would be very thrilled;*
>
> *Thanks for any help.*
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!