[Snort-devel] Snort++ (3.0.0-237) Development

Alija Sabic sabic.alija at gmail.com
Tue Nov 28 18:13:35 EST 2017


Hi,

I started digging into the source code of snort++ and trying to find some
comprehensible documentation on the architecture of snort, and how to
develop plugins (what is possible,
and how to do it) - as part of my master thesis.

However, I wasn't able to find any document related to those topics. Except
the (mainly usage)
documentation in form of text files in the source (resp. build) directories.

Searching in the mailing lists and in the latest documentation on snort
2.9.11 (at https://www.snort.org/documents/snort-users-manual) i was only
able to find a section named `Snort Development`, however, the introduction
stated:

...
Currently, this chapter is here as a place holder. It will someday contain
references on how to create new detection plugins and preprocessors. End
users don’t really need to be reading this section.  This is intended to
help developers get a basic understanding of whats going on quickly.
...

The pages that follow are not quite promising for my intentions.

First I thought, I'm missing something, because some parts of the
documentation refer to snorts' source code, like the mentioned document on
snort 2.9.11.

However, nothing I've found so far, is covering the parts I would need and
the few articles I've found - searching the web - are quite old.


Does anyone have a clue, where I could search for documentation on snort
architecture or plugin development, specifically for the latest version
snort++ (3.0.0-237) - but older documents might by relevant as well.


Thanks in advance!

-- 
Alija Sabic
E-Mail: sabic.alija at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20171129/1683c361/attachment.html>


More information about the Snort-devel mailing list