On Sat, 30 Aug 2014 01:51:14 +0800 Che-Wei Lin <[email protected]> wrote:
> From: John-Lin <[email protected]> > > When there is a Snort alert message, Ryu will receive an event called > EventAlert. > You can easily define the event handler in the method which using ‘set_ev_cls’ > decorator with snortlib.EventAlert parameter. > > The simple_switch_snort.py can install a flow that mirroring incoming packets > to the snort's NIC > which correspond the OpenFlow switch on port 3 (by default). > > There are two methods that sending alert message to Ryu. > > 1. Ryu and Snort are both on the same machine. > Ryu receives alert message via Unix Domain Socket. > > 2. Ryu and Snort are separate on different machines. > Ryu receives alert message via Network Socket. > > More detail see doc/snort_integrate.rst > > Signed-off-by: Che-Wei Lin <[email protected]> > --- > doc/source/snort_integrate.rst | 152 > +++++++++++++++++++++++++++++++++++++++++ > ryu/app/simple_switch_snort.py | 145 +++++++++++++++++++++++++++++++++++++++ > ryu/lib/alert.py | 125 +++++++++++++++++++++++++++++++++ > ryu/lib/snortlib.py | 107 +++++++++++++++++++++++++++++ > 4 files changed, 529 insertions(+) > create mode 100644 doc/source/snort_integrate.rst > create mode 100644 ryu/app/simple_switch_snort.py > create mode 100644 ryu/lib/alert.py > create mode 100644 ryu/lib/snortlib.py Applied, thanks! ------------------------------------------------------------------------------ Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/ _______________________________________________ Ryu-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/ryu-devel
