[Snort-devel] Snort++ (3.0.0-237) Development

Al Lewis (allewi) allewi at cisco.com
Tue Nov 28 18:28:41 EST 2017


There should be a file in the “doc” folder of the snort3 download named “extending.txt”. It explains creating a plugin in the form of a codec.

Albert Lewis
SOURCEfire, Inc. now part of Cisco
Email: allewi at cisco.com

From: Snort-devel <snort-devel-bounces at lists.snort.org> on behalf of Alija Sabic via Snort-devel <snort-devel at lists.snort.org>
Reply-To: Alija Sabic <sabic.alija at gmail.com>
Date: Tuesday, November 28, 2017 at 6:13 PM
To: "snort-devel at lists.snort.org" <snort-devel at lists.snort.org>, Alija Sabic <sabic.alija at gmail.com>
Subject: [Snort-devel] Snort++ (3.0.0-237) Development


I started digging into the source code of snort++ and trying to find some comprehensible documentation on the architecture of snort, and how to develop plugins (what is possible, and how to do it) - as part of my master's thesis.

However, I wasn't able to find any document related to those topics, except the (mainly usage) documentation in the form of text files in the source (resp. build) directories.

Searching in the mailing lists and in the latest documentation on snort 2.9.11 (at https://www.snort.org/documents/snort-users-manual), I was only able to find a section named `Snort Development`; however, the introduction stated:

Currently, this chapter is here as a place holder. It will someday contain references on how to create new detection plugins and preprocessors. End users don’t really need to be reading this section. This is intended to help developers get a basic understanding of what's going on quickly.

The pages that follow are not quite promising for my intentions.

First I thought I was missing something, because some parts of the documentation refer to snort's source code, like the mentioned document on snort 2.9.11.

However, nothing I've found so far covers the parts I would need, and the few articles I've found - searching the web - are quite old.

Does anyone have a clue where I could search for documentation on snort architecture or plugin development, specifically for the latest version snort++ (3.0.0-237)? Older documents might be relevant as well.

Thanks in advance!

Alija Sabic
E-Mail: sabic.alija at gmail.com