[Snort-devel] Can Snort notify a user program when it finishes processing a packet?

Chang Liu gaustin909 at ...2499...
Tue Oct 25 15:50:31 EDT 2016


Dear all,

I am trying to integrate Snort in my program.
The function I want to implement is that my program sends a packet to
Snort, Snort processes this packet and notifies me when it finishes
processing, and my program reads the alerts triggered, if any.

I have tried a couple of solutions but am still not satisfied:
- Run a Snort instance every time there is a new packet to send. However,
there is a long overhead in loading Snort before it starts commencing
packets, and the internal relationship between packets is lost.
- Run Snort to listen on an interface, and send the packet to that interface.
Monitor the snort_alert file to tell whether the packet has finished processing
or not. However, most packets are benign and hence won't trigger any alerts
at all.

Any suggestions to solve this problem? Is it possible to get a notification
from Snort every time it finishes processing a packet?

Any help is appreciated. Thanks.