[Snort-devel] snortsp LUA support

From: Jaime Blasco <jaime.blasco_at_nospam>
Date: Sat Sep 12 2009 - 11:33:11 GMT
To: snort-devel@lists.sourceforge.net

Hi,

I was trying to write some analyze stuff with LUA on snortsp platform. If you take a look at snort.lua you'll find that the function lsniff is commented.
-- This function will instantiate a data source and an engine, link

them and start sniffing. The only argument is the interface name
upon which to sniff specified as a string. This function will also
load a Lua script file called snort-funcs.lua and call the function within
that file named "lua_analyzer" which just hexdumps the packet payload.
Use your imagination for applications of this lua-based traffic analysis
capability.

This line inside the function:
eng.lua_setup("e3", "/etc/snort_funcs.lua", "lua_analyzer") include the lua file /etc/snort_funcs.lua where you can set callbacks to analyze packets.

But if you uncomment the lsniff function and try to execute it inside snortsp:
/etc/snortsp/snort.lua:90: attempt to call field 'lua_setup' (a nil value)

It seems that lua_setup is not yet implemented, I can't find it at platform/engine_manager.c

Is there a way to set callbacks to analyze traffic with LUA?

Maybe it isn't implemented yet....

Regards

Jaime Blasco

www.ossim.com
www.alienvault.com
Email: jaime.blasco@alienvault.com

Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july

Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel

This message: [ Message body ]
Next message: Jason Wallace: "[Snort-devel] snort-2.8.5 -h info incorrect"
Previous message: Todd Wease: "Re: [Snort-devel] DCERPC2 Questions"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]