
Description

External data acquisition module for Snort which reads directly from an Endace DAG card.

Requirements

Installation

  • Compile and install Endace SDK.
  • Compile and install Snort DAQ libraries. (Version 1.1 or 2.0 should work.)
  • Clone this repository or download and extract the zip archive file.
  • Configure and compile
    autoreconf -ivf
    ./configure
    make
    make install
    
  • Add the configuration items to snort.conf
    config daq: endace
    config daq_dir: /usr/local/lib/daq
    config daq_mode: passive
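
A pre-flight check for the snort.conf settings above, as an added example that is not part of this project. The function names daq_setting and check_endace_daq_conf are hypothetical. It also checks the permissions of daq_dir, because Snort loads DAQ modules as shared objects from that directory and anyone who can write there can run code inside the sensor.

```shell
#!/bin/sh
# Added example, not project code: verify the DAQ settings from the README
# in a snort.conf and inspect the permissions of the module directory.

# Print the value of "config <key>: <value>" (last occurrence wins).
# $1 = path to snort.conf, $2 = key (daq, daq_dir or daq_mode)
daq_setting() {
    sed -n "s/^[[:space:]]*config[[:space:]][[:space:]]*$2[[:space:]]*:[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Return 0 when the file matches the README settings and daq_dir is an
# existing directory that group and others cannot write to.
check_endace_daq_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    daq=$(daq_setting "$conf" daq)
    dir=$(daq_setting "$conf" daq_dir)
    mode=$(daq_setting "$conf" daq_mode)

    [ "$daq" = "endace" ] || { echo "config daq is '$daq', expected 'endace'" >&2; rc=1; }
    [ "$mode" = "passive" ] || { echo "config daq_mode is '$mode', expected 'passive'" >&2; rc=1; }

    if [ -z "$dir" ] || [ ! -d "$dir" ]; then
        echo "daq_dir '$dir' is not set or not a directory" >&2
        rc=1
    elif [ -n "$(find "$dir" -prune \( -perm -0002 -o -perm -0020 \) -print)" ]; then
        # Shared objects are loaded from here, so only the owner should write.
        echo "daq_dir '$dir' is writable by group or others" >&2
        rc=1
    fi
    return $rc
}

# Stand-alone use: sh check_daq.sh /etc/snort/snort.conf (path is an example)
if [ "$#" -gt 0 ]; then
    check_endace_daq_conf "$1"
fi
```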
    

Caveats

  • This code has been somewhat tested.

Thanks

  • Randy Caldejon at packetchaser.org for authoring the Napatech DAQ module
  • Brian Trammell at Carnegie Mellon for authoring the YAF DAG code
  • Endace for authoring tons of documentation

License

Copyright (c) 2013 William Allison

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.