afterglow.module
aimsnarf.module
argus-basic.module
argus3-pcap2flow.module
argus3-ramon.module
bro-ids-conn.module
bro-ids-protocol.module
bro-ids-stream.module
capinfos.module
categories
chaosreader.module
clamscan.module
dnstop.module
fl0p.module
flowtag.module
flowtime.module
foremost.module
harimau.module
hash.module
honeysnap.module
httpry.module
ip2asn.module
iploc.module
ngrep.module
p0f.module
pads.module
snort.module initial commit, moving to git Oct 8, 2008
tcpdstat.module
tcpflow.module
tcpick.module
tcptrace.module
tcpxtract.module
trace-summary.module
tshark.module
yahsnarf.module
README

README

How to create a module:

1. Create a directory called <name>.module where <name> is the name of your module

Inside the <name>.module directory:

2. Create a file called <name> containing the commands to run; it may span multiple lines.
Example:

tcpdump -X -n -vvv -r ${PCAP_FILE} >> ${OUTPUT_DIR}/${OUTPUT_FILE}
echo "Hello world" >> ${OUTPUT_DIR}/${OUTPUT_FILE}

Note that every line is run in its own clean environment, so a directory change does not carry over to the next line. To change directories, put the cd and the command that depends on it on one line:

cd dir && echo "do some stuff"

3. Create a file called 'description' with a 1-line description of the module's actions

4. Create a file called 'info' giving detailed information about your module

5. Create a file called 'defaults' that has options for your module
Example:

OUTPUT_FILE=${PCAP_BASE}.out

It is a good idea to explain what this option means in the info file.

6. If desired, add the module to a category in the categories directory


##################################################################
##################################################################
The following variables are RESERVED and will ALWAYS be replaced:

${PCAP_FILE} - The location of the pcap file
${PCAP_BASE} - The basename of the pcap file
${MODULE_DIR} - The module directory
${MODULE_NAME} - The name of the module
${OUTPUT_DIR} - The output directory

Any other variable can be declared
##################################################################
##################################################################
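
Added example, not part of the original README or the project's code: a shell sketch that scaffolds a module following steps 1-5 and then checks that the required files exist and that every variable used in the command file is either reserved or listed in 'defaults'. The module name "pktcount", the BPF_FILTER option, one KEY=VALUE per line in 'defaults', and shell-style quoting of the substituted paths are assumptions; step 6 is left out because the README does not describe the categories format.

```shell
#!/bin/sh
# Added example (not from the project). "pktcount" and BPF_FILTER are hypothetical.
RESERVED="PCAP_FILE PCAP_BASE MODULE_DIR MODULE_NAME OUTPUT_DIR"

# new_module <modules_dir> <name>: steps 1-5 of the README.
new_module() {
    dir="$1/$2.module"
    mkdir -p "$dir" || return 1
    # Quoted heredocs keep ${...} literal so the framework substitutes them later.
    # Double quotes around paths assume each line is handed to a shell.
    cat > "$dir/$2" <<'EOF'
tcpdump -n -r "${PCAP_FILE}" "${BPF_FILTER}" >> "${OUTPUT_DIR}/${OUTPUT_FILE}"
cd "${OUTPUT_DIR}" && wc -l "${OUTPUT_FILE}" >> "${OUTPUT_FILE}.count"
EOF
    echo "Lists packets in the pcap that match a BPF filter" > "$dir/description"
    cat > "$dir/info" <<'EOF'
OUTPUT_FILE - file under the output directory that receives the packet list
BPF_FILTER  - tcpdump filter expression applied to the pcap
EOF
    # One KEY=VALUE per line is assumed; the README shows a single line.
    cat > "$dir/defaults" <<'EOF'
OUTPUT_FILE=${PCAP_BASE}.out
BPF_FILTER=tcp
EOF
}

# check_module <dir>: print "ok", or the first problem found and return 1.
check_module() {
    dir="${1%/}"
    name=$(basename "$dir" .module)
    for f in "$name" description info defaults; do
        [ -f "$dir/$f" ] || { echo "missing file: $f"; return 1; }
    done
    [ $(wc -l < "$dir/description") -eq 1 ] || { echo "description is not 1 line"; return 1; }
    declared=$(sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' "$dir/defaults")
    # Assumption: a ${VAR} in the command file needs a reserved name or a defaults entry.
    for v in $(grep -o '\${[A-Za-z_][A-Za-z0-9_]*}' "$dir/$name" | tr -d '${}' | sort -u); do
        case " $RESERVED $(echo $declared) " in
            *" $v "*) ;;
            *) echo "undeclared variable: $v"; return 1 ;;
        esac
    done
    echo "ok"
}

# Demo on a throwaway directory; prints "ok".
tmp=$(mktemp -d) && new_module "$tmp" pktcount && check_module "$tmp/pktcount.module"
rm -rf "$tmp"
```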