Plugins
- What is a plugin?
- Types of plugins
What is a plugin?
A plugin is a piece of code (written to comply with a particular API) which
extends the capability of snort. Plugins provide the ability to make snort
do new and interesting things without directly modifying the internal
architecture.
Types of plugins
There are currently three types of plugins available in snort. They are
preprocessor plugins, detection plugins, and output plugins. Each of
these acts at a different point in the detection scheme. The detection
scheme of snort has three basic parts: packet capture, rule matching, and
data output. The preprocessor plugins work on packets before they are
passed to the detection engine. The detection plugins are employed as
part of the rules used to match packets. The output plugins work with
either the alert messages or the packets to be logged.
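The ordering described above, as an added example that is not snort's code or API: a small C model in which every type and function name is hypothetical and the sample packet is constructed. It shows a rule whose options only match once a preprocessor has normalised the packet, and an output stage that runs only when the rule fires.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical model of the three plugin points; none of these names are snort's API. */
typedef struct { char payload[64]; int ttl; } Packet;
typedef void (*PreprocFn)(Packet *);
typedef int  (*DetectFn)(const Packet *, const char *arg);
typedef void (*OutputFn)(const Packet *, const char *msg);
typedef struct { DetectFn check; const char *arg; } RuleOption;

/* Preprocessor plugin: rewrite lowercase "%2f" to "/" in place before detection runs. */
static void pp_url_decode(Packet *p) {
    char *s;
    while ((s = strstr(p->payload, "%2f")) != NULL) {
        *s = '/';
        memmove(s + 1, s + 3, strlen(s + 3) + 1);   /* close the two-byte gap */
    }
}
/* Detection plugins: each implements one rule option and returns 1 on a match. */
static int dp_content(const Packet *p, const char *arg) { return strstr(p->payload, arg) != NULL; }
static int dp_min_ttl(const Packet *p, const char *arg) { return p->ttl >= atoi(arg); }

/* Output plugin: receives the alert message and the packet that triggered it. */
static int alerts_written = 0;
static void op_alert_stdout(const Packet *p, const char *msg) {
    alerts_written++;
    printf("[**] %s [**] ttl=%d payload=%s\n", msg, p->ttl, p->payload);
}
int alert_count(void) { return alerts_written; }

/* Run one packet through the stages in order; returns 1 if the rule fired. */
int process_packet(Packet *p, int use_preprocessors) {
    PreprocFn preprocs[] = { pp_url_decode };
    RuleOption rule[] = { { dp_content, "/private/report" }, { dp_min_ttl, "2" } };
    OutputFn outputs[] = { op_alert_stdout };
    size_t i;
    if (use_preprocessors)
        for (i = 0; i < sizeof preprocs / sizeof preprocs[0]; i++) preprocs[i](p);
    for (i = 0; i < sizeof rule / sizeof rule[0]; i++)
        if (!rule[i].check(p, rule[i].arg)) return 0;   /* every option must match */
    for (i = 0; i < sizeof outputs / sizeof outputs[0]; i++) outputs[i](p, "private path request");
    return 1;
}

int main(void) {
    Packet a = { "GET /private%2freport HTTP/1.0", 64 }, b = a;   /* constructed sample */
    printf("fired without/with preprocessor: %d %d\n", process_packet(&a, 0), process_packet(&b, 1));
    return 0;
}
```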
Copyright 2000 Andrew R. Baker