[Snort-devel] SNORT openflow

Jason Ish lists at ...2902...
Sun Jan 13 16:59:40 EST 2013


On Sun, Jan 13, 2013 at 1:34 PM, patricio <paponcio6 at ...2499...> wrote:

>  Is more like this: I want to use Snort as IPS/IDS. Once a get an alert, I
> want to pass this information to my application in my openflow controller.
> My question is how to send this alerts to my application.
>

There is no one way to do this as far as I know.  One approach I would take
with the Floodlight or BigSwitch controller would be to have Snort or
Barnyard send events to syslog, have a script monitoring syslog and do what
it needs to do with the controllers REST API.  This would be a pretty basic
integration.

Just noticed this is on snort-devel, but its probably better suited for the
users list.

Jason
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20130113/e3b9431e/attachment.html>


More information about the Snort-devel mailing list