Re: Fwd: hybrid IDS using snort

[Bill Reimer <breimer273 () gmail com>]

It's been a long time since I have done this, so pardon me if I leave out
details, but this link explains how to configure snort to include a
preprocessor.

http://manual.snort.org/node23.html

Once you compile your preprocessor you will place the preprocessor into the
preprocessor folder. Should the same folder that has the other
preprocessors out of the box. Then add your directive to the snort.conf
file to tell it to include the new preprocessor and restart snort.

Bill

On Tue, Mar 10, 2015 at 1:45 AM, Al Lewis (allewi) <allewi () cisco com> wrote:

>  Hello,
>
>
>
> The link I sent shows an example of how to create and register your own
> custom preprocessor.
>
>
>
> If you are a beginner to C / development it “may” be a lot to start off
> with.
>
>
>
>
>
> Maybe you can try this as it explains the steps a little more in depth:
>
>
>
>
> http://www.sans.org/reading-room/whitepapers/tools/developing-snort-dynamic-preprocessor-32874
>
>
>
>
>
> Hope this helps.
>
>
>
> Albert Lewis
>
> QA Software Engineer
>
> SOURCE*fire*, Inc. now part of *Cisco*
>
> 9780 Patuxent Woods Drive
> Columbia, MD 21046
>
> Phone: (office) 443.430.7112
>
> Email: allewi () cisco com
>
>
>
> *From:* Roshan Srivastava [mailto:roshan.kumar417 () gmail com]
> *Sent:* Tuesday, March 10, 2015 4:33 AM
> *To:* Al Lewis (allewi)
> *Subject:* Re: [Snort-devel] Fwd: hybrid IDS using snort
>
>
>
> Thank You Sir for your response,
> I read that C code but I want to know how would i be able to integrate a
> preprocessors code into snort source code ..what are the packages I am
> suppose to install ...Please help me out with this ..
> P.S ..I am beginner to development thing.. :(
>
>
>
> On Mon, Mar 9, 2015 at 3:48 PM, Al Lewis (allewi) <allewi () cisco com>
> wrote:
>
> Do you have a basic preprocessor setup? If not this
> http://manual.snort.org/node40.html may be a good place to start.
>
>
>
> Hope this helps!
>
>
>
> Albert Lewis
>
> QA Software Engineer
>
> SOURCE*fire*, Inc. now part of *Cisco*
>
> 9780 Patuxent Woods Drive
> Columbia, MD 21046
>
> Phone: (office) 443.430.7112
>
> Email: allewi () cisco com
>
>
>
> *From:* Roshan Srivastava [mailto:roshan.kumar417 () gmail com]
> *Sent:* Sunday, March 08, 2015 9:34 AM
> *To:* snort-devel () lists sourceforge net
> *Subject:* [Snort-devel] Fwd: hybrid IDS using snort
>
>
>
> I am doing a project based on intrusion detection systems.
>
> And I want to build a Hybrid IDS using open source tool SNORT. I read few
> good papers on that. But still I am not able to get a lead on how to mount
> PHAD (an anomaly based IDS) as a preprocessor to SNORT. Please help me to
> get a lead in my project.
>
> Thanks!!
>
>
>
>
>
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming The Go Parallel Website,
> sponsored
> by Intel and developed in partnership with Slashdot Media, is your hub for
> all
> things parallel software development, from weekly thought leadership blogs
> to
> news, videos, case studies, tutorials and more. Take a look and join the
> conversation now. http://goparallel.sourceforge.net/
> _______________________________________________
> Snort-devel mailing list
> Snort-devel () lists sourceforge net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
> Archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
>
> Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the 
conversation now. http://goparallel.sourceforge.net/

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!