[Snort-devel] Snort++ (3.0.0-237) Development

Alija Sabic sabic.alija at gmail.com
Tue Nov 28 18:37:35 EST 2017


Great. Thanks a lot!

Does this document include the development of new modules for DAQ as well?
Secondly, is there any general documentation on the architecture of snort
and its inner workings?

Sorry, forgot to add it in my first message.

Kind regards,

2017-11-29 0:28 GMT+01:00 Al Lewis (allewi) <allewi at cisco.com>:
>
>> Hello,
>>
>> There should be a file in the “doc” folder of the snort3 download named
>> “extending.txt”. It explains creating a plugin in the form of a codec.
>>
>>
>> *Albert Lewis*
>>
>> ENGINEER.SOFTWARE ENGINEERING
>>
>> SOURCE*fire*, Inc. now part of *Cisco*
>>
>> Email: allewi at cisco.com
>>
>> From: Snort-devel <snort-devel-bounces at lists.snort.org> on behalf of
>> Alija Sabic via Snort-devel <snort-devel at lists.snort.org>
>> Reply-To: Alija Sabic <sabic.alija at gmail.com>
>> Date: Tuesday, November 28, 2017 at 6:13 PM
>> To: "snort-devel at lists.snort.org" <snort-devel at lists.snort.org>, Alija
>> Sabic <sabic.alija at gmail.com>
>> Subject: [Snort-devel] Snort++ (3.0.0-237) Development
>>
>> Hi,
>>
>> I started digging into the source code of snort++ and trying to find some
>> comprehensible documentation on the architecture of snort, and how to
>> develop plugins (what is possible, and how to do it) - as part of my
>> master's thesis.
>>
>> However, I wasn't able to find any document related to those topics,
>> except the (mainly usage) documentation in the form of text files in the
>> source (resp. build) directories.
>>
>> Searching in the mailing lists and in the latest documentation on snort
>> 2.9.11 (at https://www.snort.org/documents/snort-users-manual) I was
>> only able to find a section named `Snort Development`, however, the
>> introduction stated:
>>
>> ...
>> Currently, this chapter is here as a place holder. It will someday
>> contain references on how to create new detection plugins and
>> preprocessors. End users don’t really need to be reading this section.
>> This is intended to help developers get a basic understanding of what's
>> going on quickly.
>> ...
>>
>> The pages that follow are not quite promising for my intentions.
>>
>> First I thought I was missing something, because some parts of the
>> documentation refer to snort's source code, like the mentioned document on
>> snort 2.9.11.
>>
>> However, nothing I've found so far covers the parts I would need,
>> and the few articles I've found - searching the web - are quite old.
>>
>>
>> Does anyone have a clue where I could search for documentation on snort
>> architecture or plugin development, specifically for the latest version
>> snort++ (3.0.0-237) - but older documents might be relevant as well.
>>
>>
>> Thanks in advance!
>>
>> --
>> Alija Sabic
>> E-Mail: sabic.alija at gmail.com
>>
>
>
-- 
Alija Sabic
Dorfstr. 36
3464 Goldgeben

Telefon: +43 660 / 567 4 199
E-Mail: sabic.alija at gmail.com