Snort mailing list archives
Enquiries regarding search engine in Snort 3.0 Extras
From: Siti Farhana Binti Lokman <sitifarhana.lokman () postgrad manchester ac uk>
Date: Thu, 6 Aug 2015 20:37:54 +0000
Hi folks,
I'm a newbie here. I'm planning to implement my search algorithm in Snort++ Extras, as it allows us to install
plugins with relative ease.
What I understand so far is that there are two search algorithms in the search_engines folder: sfksearch.cc/h and
lowmem.cc/h.
I tried to build and run the extras with autotools as shown on blog.snort.org, hoping to get the summary result of
the default search engines in Snort++ Extras.
But I only got this:
-------------------------------------------------
0") ~ Snort++ 3.0.0-a1-160
--------------------------------------------------
Loading /opt/snort3/etc/snort/snort.lua:
file_id
ftp_data
back_orifice
ftp_server
http_inspect
ssh
telnet
sip
ssl
pop
classifications
stream_user
rpc_decode
port_scan
stream_tcp
perf_monitor
smtp
arp_spoof
stream_file
stream_icmp
stream_ip
stream
ftp_client
references
stream_udp
wizard
dns
imap
Finished /opt/snort3/etc/snort/snort.lua.
Reading rules until EOF or a line starting with END
Loading stdin:
Finished stdin.
--------------------------------------------------
rule counts
total rules loaded: 1
text rules: 1
option chains: 1
chain headers: 1
--------------------------------------------------
port rule counts
tcp udp icmp ip
dst 1 0 0 0
slow 1 0 0 0
total 2 0 0 0
instances: 1
patterns: 17
pattern chars: 88
num states: 81
num match states: 17
memory (KB): 4.21387
patterns: 0.749023
match lists: 1.16406
transitions: 1.90234
________________________________
After the rebuild, I realized there's only the lowmem search algorithm in /opt/snort3/lib/snort_extra/search_engines/, but
sfksearch was not included, even though initially there were two (sfksearch & lowmem) in the Snort++ Extras tarball.
So why is sfksearch not compiled together after the rebuild? Since the only files that were there after the build were the lowmem
files, I assume that the result generated is for lowmem.
Is this correct? If I copy the sfksearch file manually into snort extras folder, how do I run the sfksearch algorithm?
From my understanding of Snort 2.9.x, the search algorithm that will be used is configured in config.h. I can't seem to find any guide on how to set this up in Snort++ Extras.
For the implementation part, the documentation is very limited. Are there any configuration files that I need to modify so that I can set my search algorithm as the default? Do I need to build the plugin, or can I just copy the plugin files into the respective folder? If I need to build it, may I know whether there is any documentation or a complete guide on how I can do it? Thanks in advance.
------------------------------------------------------------------------------
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
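As an added example (not part of the original post and not the Snort project's own documentation), the following snort.lua fragment shows how a search engine shipped as a plugin is selected in Snort 3: the search_engine module's search_method option names the engine, and the plugin library directory is handed to snort with --plugin-path. The path /opt/snort3/lib/snort_extra is taken from the post; that the extras lowmem plugin registers itself under the name 'lowmem', and the sample.pcap input, are assumptions.

```lua
-- snort.lua fragment (added example, not from the original post).
-- Assumes the lowmem plugin built from Snort++ Extras registers a
-- search engine named 'lowmem' and that snort is started with
-- --plugin-path pointing at the directory the plugin was installed to.

search_engine =
{
    -- Select the plugin engine instead of the built-in default (ac_bnfa).
    -- To keep the built-in engine, omit this table or set 'ac_bnfa'.
    search_method = 'lowmem',
}

-- Run with the plugin directory from the post, e.g. (sample.pcap is a
-- placeholder for any capture file):
--   snort -c snort.lua --plugin-path /opt/snort3/lib/snort_extra -r sample.pcap
-- The "instances / patterns / num states" summary printed at startup
-- then describes the engine chosen here.
```

To check which engines are actually available before relying on the setting, `snort --help-module search_engine` lists the accepted search_method values, and `snort --list-plugins --plugin-path /opt/snort3/lib/snort_extra` shows whether the lowmem plugin was loaded at all; if sfksearch is not in either list, it was not built or installed and the summary above is for lowmem (or the built-in default if the plugin failed to load). A search engine is loaded from a compiled shared object, so copying the .cc/.h sources into the plugin directory is not enough; the plugin must be built and installed first.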
