[Snort-devel] reusing snort's engine

Bret Watson bret.watson at ...1010...
Mon Mar 11 23:59:05 EST 2002

Have a look on www.sourceforge.net for "snort-adapter". I've been doing
just that - though I'm flooded with work right now and can't do much more
work on it :{..


At 21:40 11/03/02 -0800, you wrote:
>I want to write an application that has to do pattern matching on a
>stream of messages.
>The messages are plain-text lines, terminated in \n. They are sent via a
>named pipe or something similar (the transport is not yet decided).
>Every message has a few more-or-less fixed labels, and a body of a
>variable length. One or more messages can constitute an event (all
>messages of an event are not necessarily successive, but other messages
>might get mixed between).
>As you see, this is very much like what Snort does for IP protocols (messages
>= IP packets, labels = IP and TCP headers, events = sessions, etc.).
>Which gave me an idea...
>Is it possible to re-use Snort's pattern matching engine to do a pattern
>matching on something quite different from IP packets?
>I would love to use Snort for this, because it's quite fast, and I need
>a lot of speed for my application.
>Well, it's just a crazy idea. Don't laugh at me too loud... :-)
>Florin Andrei
