Snort mailing list archives
Re: Fwd: hybrid IDS using snort
From: Bill Reimer <breimer273 () gmail com>
Date: Tue, 10 Mar 2015 06:21:52 -0700
It's been a long time since I have done this, so pardon me if I leave out details, but this link explains how to configure snort to include a preprocessor.

http://manual.snort.org/node23.html

Once you compile your preprocessor you will place the preprocessor into the preprocessor folder. It should be the same folder that has the other preprocessors out of the box. Then add your directive to the snort.conf file to tell it to include the new preprocessor and restart snort.

Bill

On Tue, Mar 10, 2015 at 1:45 AM, Al Lewis (allewi) <allewi () cisco com> wrote:
Hello,

The link I sent shows an example of how to create and register your own custom preprocessor. If you are a beginner to C / development it “may” be a lot to start off with.

Maybe you can try this as it explains the steps a little more in depth:

http://www.sans.org/reading-room/whitepapers/tools/developing-snort-dynamic-preprocessor-32874

Hope this helps.

Albert Lewis
QA Software Engineer
SOURCE*fire*, Inc. now part of *Cisco*
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi () cisco com

*From:* Roshan Srivastava [mailto:roshan.kumar417 () gmail com]
*Sent:* Tuesday, March 10, 2015 4:33 AM
*To:* Al Lewis (allewi)
*Subject:* Re: [Snort-devel] Fwd: hybrid IDS using snort

Thank you, Sir, for your response. I read that C code, but I want to know how I would be able to integrate a preprocessor's code into the snort source code... what are the packages I am supposed to install... Please help me out with this...

P.S. I am a beginner to the development thing... :(

On Mon, Mar 9, 2015 at 3:48 PM, Al Lewis (allewi) <allewi () cisco com> wrote:

Do you have a basic preprocessor setup?

If not, this http://manual.snort.org/node40.html may be a good place to start.

Hope this helps!

Albert Lewis
QA Software Engineer
SOURCE*fire*, Inc. now part of *Cisco*
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi () cisco com

*From:* Roshan Srivastava [mailto:roshan.kumar417 () gmail com]
*Sent:* Sunday, March 08, 2015 9:34 AM
*To:* snort-devel () lists sourceforge net
*Subject:* [Snort-devel] Fwd: hybrid IDS using snort

I am doing a project based on intrusion detection systems, and I want to build a hybrid IDS using the open source tool SNORT. I read a few good papers on that, but I am still not able to get a lead on how to mount PHAD (an anomaly based IDS) as a preprocessor to SNORT. Please help me to get a lead in my project.

Thanks!!
------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
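The steps from Bill's reply (place the compiled library in the preprocessor directory, add the directive to snort.conf, check the config before restarting), as an added shell example that is not from the thread or from the Snort project. The `phad` keyword, the library name and every path are assumptions; `dynamicpreprocessor directory` and `preprocessor` are the Snort 2.x snort.conf directives, and `snort -T` is its config test mode.

```shell
#!/bin/sh
# Added example, not from the thread or the Snort project.
# Assumptions: the library name, all paths and the "phad" keyword.

# stage_preproc LIB DEST_DIR CONF NAME
stage_preproc() {
    lib=$1; dest=$2; conf=$3; name=$4

    [ -f "$lib" ]  || { echo "no such library: $lib" >&2; return 1; }
    [ -d "$dest" ] || { echo "no such directory: $dest" >&2; return 1; }
    [ -f "$conf" ] || { echo "no such config: $conf" >&2; return 1; }

    # The library is native code loaded into the Snort process, so refuse
    # one that group or other users are able to modify.
    if [ -n "$(find "$lib" \( -perm -020 -o -perm -002 \))" ]; then
        echo "refusing group/world-writable library: $lib" >&2
        return 1
    fi

    # Step 1: place the compiled preprocessor beside the stock ones.
    cp "$lib" "$dest/" || return 1
    chmod 0755 "$dest/$(basename "$lib")" || return 1

    # Step 2: add the directives once, keeping the original config.
    [ -e "$conf.orig" ] || cp -p "$conf" "$conf.orig" || return 1
    dir_line="dynamicpreprocessor directory $dest/"
    grep -qxF "$dir_line" "$conf" || printf '%s\n' "$dir_line" >> "$conf"
    grep -Eq "^[[:space:]]*preprocessor[[:space:]]+$name([[:space:]:]|\$)" "$conf" \
        || printf 'preprocessor %s\n' "$name" >> "$conf"
}

# Step 3, before restarting: let Snort parse the config in test mode (-T).
check_conf() {
    command -v snort >/dev/null 2>&1 || { echo "snort not on PATH" >&2; return 0; }
    snort -T -c "$1"
}

if [ "$#" -eq 4 ]; then
    stage_preproc "$@" && check_conf "$3"
fi
```

The keyword passed as NAME has to match the name the preprocessor registers itself under, otherwise the `-T` check rejects the config.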
Current thread:
- Fwd: hybrid IDS using snort Roshan Srivastava (Mar 08)
- Re: Fwd: hybrid IDS using snort Al Lewis (allewi) (Mar 09)
- Message not available
- Re: Fwd: hybrid IDS using snort Al Lewis (allewi) (Mar 10)
- Re: Fwd: hybrid IDS using snort Bill Reimer (Mar 12)
- Message not available
- Re: Fwd: hybrid IDS using snort Al Lewis (allewi) (Mar 09)