[Snort-devel] SnortSP: adding analyzer

Tako Chanz tako_chanz at ...445...
Thu Jun 23 17:34:09 EDT 2011


Hi all,

I need some help on understanding SnortSP.

using the dummy lua analyzer(snort_funcs.lua in the etc folder) for example and my questions are:

1. How to get SnortSP to load and run this analyzer at startup?
2. with function lua_analyzer (buf, offset, proto, dport),
     1. is the param args feed by the framework?
     2. what is offset and buf point to?

Is there any more documentation on how to create analyzer in lua?


Thank you all guru!
Tako,
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20110623/f9a16c58/attachment.html>


More information about the Snort-devel mailing list