[Snort-devel] snortsp LUA support

Jaime Blasco jaime.blasco at ...3060...
Sat Sep 12 07:33:11 EDT 2009


Hi,

I was trying to write some analyze stuff with LUA on snortsp platform.
If you take a look at snort.lua you'll find that the function lsniff is
commented.
-- This function will instantiate a data source and an engine, link
-- them and start sniffing.  The only argument is the interface name
-- upon which to sniff specified as a string.  This function will also
-- load a Lua script file called snort-funcs.lua and call the function
within
-- that file named "lua_analyzer" which just hexdumps the packet payload.
-- Use your imagination for applications of this lua-based traffic analysis
-- capability.

This line inside the function:
eng.lua_setup("e3", "/etc/snort_funcs.lua", "lua_analyzer")
include the lua file /etc/snort_funcs.lua where you can set callbacks to
analyze packets.

But if you uncomment the lsniff function and try to execute it inside
snortsp:
/etc/snortsp/snort.lua:90: attempt to call field 'lua_setup' (a nil value)

It seems that lua_setup is not yet implemented, I can't find it at
platform/engine_manager.c

Is there a way to set callbacks to analyze traffic with LUA?

Maybe it isn't implemented yet....

Regards




-- 
_______________________________

Jaime Blasco

www.ossim.com
www.alienvault.com
Email: jaime.blasco at ...3060...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20090912/a7001f10/attachment.html>


More information about the Snort-devel mailing list