[Snort-devel] snort plugin questions

Martin Roesch roesch at ...48...
Sun Dec 31 13:10:00 EST 2000

Joseph Nicholas Yarbrough wrote:
> Hi everyone!
> I have another volly of questions for you...
> 1) What is the way to tell snort (on startup) to use my output plugin? I
> can't quite figure this out.

You need to put a call to your plugin's setup function in the
InitOutputPlugins() function in plugbase.c.  Make sure you've put an
include for the spo header file you've created into plugbase.h as well.
> 2) Is there documentation somewhere on how a spo can parse it's config file
> directives?

Check out spo_log_tcpdump.c for how this is done.  Basically, you make a
"setup" function that attaches an initialization function to a keyword. 
When this keyword is put into the rules file as a directive, the parser
will call the initilization function you specify and pass it the
argument string.  That's where you parse the data and setup your data
structures for the main output function.

Check out the spo_log_tcpdump code, it's a really good example and
pretty easy to follow.


> Thanks!
> -Nick
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-devel

Martin Roesch
roesch at ...48...

More information about the Snort-devel mailing list