[Snort-devel] snort 3.0 rule parser via Lua

Russ Combs rcombs at ...402...
Mon Jul 7 08:13:56 EDT 2008


Jun,

The Snort analyzer still parses the conf file, including rules, the same
as Snort 2.8.2.1.  Currently the only difference regarding parsing is
that what were command line options to Snort 2.8.2.1 are now configured
in the Lua file.  Additionally, the "config *" items in the conf can be
specified in Lua, although they are still parsed from the conf as well.

New rule parsing for SnortSP is still being worked out, but backwards
compatibility will be retained for the foreseeable future.

Russ

On Mon, 2008-07-07 at 16:01 +0800, Jun Xiao wrote:
> Hi All,
> 
> I have a question about the Lua usage in snort 3.0.
> As Marty mentioned at
> http://securitysauce.blogspot.com/2007/11/snort-30-architecture-series-part-1.html:
> "The command shell is running the Lua scripting language, a
> lightweight embeddable scripting language that is fast and portable as
> well as being very nice for implementing Domain Specific Languages. If
> Snort's parser wasn't one of your favorite features in the past you
> should definitely like this change! For those of you wondering if
> Snort 3.0 will handle Snort's existing rules language, of course it
> will. We're not planning on throwing out 9 years of accumulated
> detection functionality!"
> 
> For the source code, I can not find the code for parsing snort rule by
> Lua, so I am wondering if this is already supported in snort 3.0 beta
> or still under planning?
> 
> Thanks,
> Jun
> 
> -------------------------------------------------------------------------
> Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
> Studies have shown that voting for your favorite open source project,
> along with a healthy diet, reduces your potential for chronic lameness
> and boredom. Vote Now at http://www.sourceforge.net/community/cca08
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel





More information about the Snort-devel mailing list