[Snort-devel] SNORT openflow

Russ Combs rcombs at ...402...
Mon Jan 14 10:13:14 EST 2013


On Sun, Jan 13, 2013 at 4:59 PM, Jason Ish <lists at ...2902...> wrote:

> On Sun, Jan 13, 2013 at 1:34 PM, patricio <paponcio6 at ...2499...> wrote:
>
>>  Is more like this: I want to use Snort as IPS/IDS. Once a get an alert,
>> I want to pass this information to my application in my openflow
>> controller. My question is how to send this alerts to my application.
>>
>
> There is no one way to do this as far as I know.  One approach I would
> take with the Floodlight or BigSwitch controller would be to have Snort or
> Barnyard send events to syslog, have a script monitoring syslog and do what
> it needs to do with the controllers REST API.  This would be a pretty basic
> integration.
>
> Just noticed this is on snort-devel, but its probably better suited for
> the users list.
>

>From a devel perspective, you could create a dynamic output plugin to feed
your openflow controller.

>
> Jason
>
>
>
> ------------------------------------------------------------------------------
> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
> MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
> with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
> MVPs and experts. ON SALE this month only -- learn more at:
> http://p.sf.net/sfu/learnmore_123012
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
> Archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
>
> Please visit http://blog.snort.org for the latest news about Snort!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20130114/d51a0fb4/attachment.html>


More information about the Snort-devel mailing list