[Snort-users] Snort++ Extras

Russ Combs (rucombs) rucombs at ...589...
Tue Dec 16 12:56:35 EST 2014


Oops - try now.

________________________________
From: Y M [snort at ...15979...]
Sent: Tuesday, December 16, 2014 12:51 PM
To: snort-users
Subject: Re: [Snort-users] Snort++ Extras

I am getting 404 for the download links :)

YM

________________________________
Date: Tue, 16 Dec 2014 17:07:13 +0000
Subject: Snort

________________________________

Snort++ Extras<http://feedproxy.google.com/~r/Snort/~3/7k8QwqLZfDs/snort-extras.html?utm_source=feedburner&utm_medium=email>

Posted: 16 Dec 2014 07:00 AM PST

Snort++ Extras
Snort++ is all about plugins. It has over 140 by default and makes it easy to add more in C++ or LuaJIT. This post will walk you through building and running a set of extra example plugins. If you haven't installed and verified Snort++, you will need to do that first. We will cover the following topics:

  *   Overview
  *   Download
  *   Build Extras
  *   Run Extras
  *   Next Steps

OVERVIEW
The following things are pluggable in Snort++:

  *   codec - decode and encode support for a given protocol
  *   data - additional configuration for inspectors
  *   inspector - replaces Snort preprocessors
  *   ips_option - IPS rule option like content and byte_test
  *   ips_action - IPS rule action like alert and block
  *   search_engine - fast pattern matcher
  *   logger - event handers
  *   SO rules - dynamic rules

DOWNLOAD
There are two extra tarballs, once for autotools and one for cmake:

    snort_extra-1.0.0-a1-130-auto.tar.gz<http://www.snort.org/downloads/snortplus/snort_extra-1.0.0-a1-130-auto.tar.gz>
    snort_extra-1.0.0-a1-130-cmake.tar.gz<http://www.snort.org/downloads/snortplus/snort_extra-1.0.0-a1-130-cmake.tar.gz>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20141216/3320363f/attachment.html>


More information about the Snort-users mailing list