[Snort-devel] Request for addition of output plugin

Frank Knobbe FKnobbe at ...339...
Sun Aug 19 00:14:35 EDT 2001

Hash: SHA1


SnortSam is the output plugin I developed to allow Snort to
reconfigure Checkpoint FW-1 firewalls. Unlike Marc Chauvin's plugin,
mine is based on an client-agent concept. Most of the intelligent
processing is done within the agent that runs on the firewalls. The
output plugin in Snort basically forwards blocking requests to one or
more agents which then perform the block (to keep the impact on Snort

The communication between Snort and the SnortSam agent is encrypted
using TwoFish. The TwoFish routines were written into library form so
that other Snort plugins (perhaps database outputs) can make use of
them as well.

Please let me know what the process is to propose an output plugin
for inclusion into the Snort CVS tree. I can email the files to the
list, or you can get them from the SnortSam web site at
http://www.snortsam.net or FTP. In addition, they can be pulled from
the CVS server using > cvs -d
:pserver:anonymous at ...618...:/cvsroot co snort < 

We are looking at 4 files, spo_alert_fwsam.c/.h (my plugin) and
twofish.c/.h (the TwoFish library). It's been written to compile and
run under any platform. It compiles/runs great under Windows, but I
have not received feedback from Unix beta testers. Since it's pretty
much standard ANSI C, I don't see any problems.

Please advise on the process of getting it included in Snort.


Version: PGP Personal Privacy 6.5.8
Comment: PGP or S/MIME encrypted email preferred.


More information about the Snort-devel mailing list