[Snort-devel] snortsp LUA support

Jaime Blasco jaime.blasco at ...3060...
Sat Sep 12 07:33:11 EDT 2009


I was trying to write some analyze stuff with LUA on snortsp platform.
If you take a look at snort.lua you'll find that the function lsniff is
-- This function will instantiate a data source and an engine, link
-- them and start sniffing.  The only argument is the interface name
-- upon which to sniff specified as a string.  This function will also
-- load a Lua script file called snort-funcs.lua and call the function
-- that file named "lua_analyzer" which just hexdumps the packet payload.
-- Use your imagination for applications of this lua-based traffic analysis
-- capability.

This line inside the function:
eng.lua_setup("e3", "/etc/snort_funcs.lua", "lua_analyzer")
include the lua file /etc/snort_funcs.lua where you can set callbacks to
analyze packets.

But if you uncomment the lsniff function and try to execute it inside
/etc/snortsp/snort.lua:90: attempt to call field 'lua_setup' (a nil value)

It seems that lua_setup is not yet implemented, I can't find it at

Is there a way to set callbacks to analyze traffic with LUA?

Maybe it isn't implemented yet....



Jaime Blasco

Email: jaime.blasco at ...3060...
