[Snort-devel] Snort++ (3.0.0-237) Development

Al Lewis (allewi) allewi at cisco.com
Tue Nov 28 18:43:06 EST 2017


For the DAQ, see the DAQ documentation.

If you look into the extending.txt file there are instructions on how to build a dev guide (listed below).

=== Developers Guide

Run doc/dev_guide.sh to generate /tmp/dev_guide.html, an annotated guide to
the source tree.


Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi at cisco.com

From: Alija Sabic <sabic.alija at gmail.com>
Date: Tuesday, November 28, 2017 at 6:37 PM
To: allewi <allewi at cisco.com>, "snort-devel at lists.snort.org" <snort-devel at lists.snort.org>
Subject: Re: [Snort-devel] Snort++ (3.0.0-237) Development

Great. Thanks a lot!

Does this document include the development of new modules for DAQ as well?
Secondly, is there any general documentation on the architecture of snort and its inner workings?

Sorry, forgot to add it in my first message.

Kind regards,

2017-11-29 0:28 GMT+01:00 Al Lewis (allewi) <allewi at cisco.com>:
Hello,

There should be a file in the “doc” folder of the snort3 download named “extending.txt”. It explains creating a plugin in the form of a codec.


Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi at cisco.com

From: Snort-devel <snort-devel-bounces at lists.snort.org> on behalf of Alija Sabic via Snort-devel <snort-devel at lists.snort.org>
Reply-To: Alija Sabic <sabic.alija at gmail.com>
Date: Tuesday, November 28, 2017 at 6:13 PM
To: "snort-devel at lists.snort.org" <snort-devel at lists.snort.org>, Alija Sabic <sabic.alija at gmail.com>
Subject: [Snort-devel] Snort++ (3.0.0-237) Development

Hi,

I started digging into the source code of snort++ and trying to find some comprehensible documentation on the architecture of snort, and how to develop plugins (what is possible, and how to do it) - as part of my master's thesis.

However, I wasn't able to find any document related to those topics, except the (mainly usage) documentation in the form of text files in the source (resp. build) directories.

Searching in the mailing lists and in the latest documentation on snort 2.9.11 (at https://www.snort.org/documents/snort-users-manual) I was only able to find a section named `Snort Development`; however, the introduction stated:

...
Currently, this chapter is here as a place holder. It will someday contain references on how to create new detection plugins and preprocessors. End users don’t really need to be reading this section. This is intended to help developers get a basic understanding of what's going on quickly.
...

The pages that follow are not quite promising for my intentions.

First I thought I was missing something, because some parts of the documentation refer to Snort's source code, like the mentioned document on snort 2.9.11.

However, nothing I've found so far covers the parts I would need, and the few articles I've found - searching the web - are quite old.


Does anyone have a clue where I could search for documentation on snort architecture or plugin development, specifically for the latest version snort++ (3.0.0-237)? Older documents might be relevant as well.


Thanks in advance!

--
Alija Sabic
E-Mail: sabic.alija at gmail.com


--
Alija Sabic
Dorfstr. 36
3464 Goldgeben

Telefon: +43 660 / 567 4 199
E-Mail: sabic.alija at gmail.com