[Snort-users] Output Plugin writing

Jason Brvenik jasonb at ...1935...
Fri Apr 27 08:59:52 EDT 2007


It certainly clears it up. As a general rule, one should not write
output plugins for the engine as they tend to slow it down and add
unneeded overhead. The recommended way to perform these actions is to
use unified output and a post processing piece of code to do the
transforms to whatever system you choose. Barnyard is fairly easy to
work with as are the Perl and Ruby unified tools. If you would like
specific assistance please feel free to mail me privately.


eschnei at ...14108... wrote:
> I guess I wasn't being clear enough earlier, my apologies. I need to use a
> plug-in, or write a plug-in that allows me to take selected data from the
> packet and put it in a pipe delimited file so our reporting program we
> already have in place can read the file. My problem is, I'm having trouble
> finding a template to follow, and the attributes for the different data
> structures, especially the Packet one. I hope that helps clear things up.
>
> Thanks,
> Brian
>
>   
>> I forgot to mention that you can use the ruby unified code that Caswell
>> put out too.
>>
>> http://www.shmoo.com/~bmc/software/ruby/unified.html
>>
>>     
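
The decoupled approach recommended in the reply, as an added example that is not part of the original thread and is not code from Snort, Barnyard or the linked Ruby tool: a standalone Ruby post-processor that reads a unified alert file and emits pipe-delimited lines. The 16-byte header, the magic value, the 64-byte little-endian record layout, the field names and the output columns are assumptions to check against your Snort build; the sample bytes are constructed.

```ruby
require 'stringio'
require 'ipaddr'

# ASSUMED layout (not from the thread): 16-byte file header, then fixed
# 64-byte alert records of little-endian fields with 32-bit timestamps.
ALERT_MAGIC = 0xDEAD4137
HEADER_FMT  = 'V4'               # magic, version_major, version_minor, timezone
RECORD_FMT  = 'V9 V2 V2 v2 V2'   # event (9), ts (2), sip/dip, sport/dport, proto/flags
RECORD_LEN  = 64
FIELDS = %i[generator sig_id sig_rev classification priority event_id
            event_ref ref_sec ref_usec ts_sec ts_usec sip dip sport dport
            protocol flags].freeze

# Returns one hash per complete record. Runs outside the sensor, so a slow
# reporting system never stalls packet processing.
def read_alerts(io)
  header = io.read(16)
  raise ArgumentError, 'short header' unless header && header.bytesize == 16
  magic = header.unpack1('V')
  raise ArgumentError, format('bad magic 0x%08X', magic) unless magic == ALERT_MAGIC
  alerts = []
  while (raw = io.read(RECORD_LEN)) && raw.bytesize == RECORD_LEN
    alerts << FIELDS.zip(raw.unpack(RECORD_FMT)).to_h
  end
  alerts # a truncated tail (sensor still writing) is left for the next run
end

# Every column is numeric or a dotted quad, so no '|' can appear inside a field.
def to_pipe_line(a)
  [Time.at(a[:ts_sec]).utc.strftime('%Y-%m-%dT%H:%M:%SZ'),
   "#{a[:generator]}:#{a[:sig_id]}:#{a[:sig_rev]}", a[:priority], a[:protocol],
   IPAddr.new(a[:sip], Socket::AF_INET).to_s, a[:sport],
   IPAddr.new(a[:dip], Socket::AF_INET).to_s, a[:dport]].join('|')
end

# Constructed sample: header plus one alert, TCP 10.0.0.5:4444 -> 192.168.1.10:80.
SAMPLE = [ALERT_MAGIC, 1, 2, 0].pack(HEADER_FMT) +
         [1, 1_000_001, 3, 0, 2, 7, 7, 1_177_678_792, 0,
          1_177_678_792, 0, 0x0A000005, 0xC0A8010A, 4444, 80, 6, 0].pack(RECORD_FMT)

def sample_lines
  read_alerts(StringIO.new(SAMPLE)).map { |a| to_pipe_line(a) }
end

puts sample_lines if $PROGRAM_NAME == __FILE__
```

Against a real file, pass `File.open(path, 'rb')` to `read_alerts` in place of the `StringIO`.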




