[Snort-devel] snort plugin questions

Martin Roesch roesch at ...48...
Sun Dec 31 13:10:00 EST 2000


Joseph Nicholas Yarbrough wrote:
> 
> Hi everyone!
> I have another volly of questions for you...
> 
> 1) What is the way to tell snort (on startup) to use my output plugin? I
> can't quite figure this out.

You need to put a call to your plugin's setup function in the
InitOutputPlugins() function in plugbase.c.  Make sure you've put an
include for the spo header file you've created into plugbase.h as well.
> 
> 2) Is there documentation somewhere on how a spo can parse it's config file
> directives?

Check out spo_log_tcpdump.c for how this is done.  Basically, you make a
"setup" function that attaches an initialization function to a keyword. 
When this keyword is put into the rules file as a directive, the parser
will call the initilization function you specify and pass it the
argument string.  That's where you parse the data and setup your data
structures for the main output function.

Check out the spo_log_tcpdump code, it's a really good example and
pretty easy to follow.


      -Marty


> 
> Thanks!
> 
> -Nick
> 
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-devel

--
Martin Roesch
roesch at ...48...
http://www.snort.org




More information about the Snort-devel mailing list