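-- Snort analyzer harness.
-- Wires the Snort shared object into a host engine / data-source framework
-- (eng, dsrc, ssp and analyzer are globals supplied by that host, not by
-- this file) and replays one or more pcap files through it.

egn = "e1"  -- engine name
ana = "a1"  -- analyzer name
src = "s1"  -- data-source name

-- Shared object loaded as the analyzer module.
snort = "/usr/local//lib/snort/snort.so"

-- Options handed to the Snort analyzer. The short keys mirror Snort's
-- command-line switches: conf = -c rules file, A = -A alert output mode,
-- l = -l log directory.
opttab = {
  conf = "/etc/snort/snort.conf",
  dynamic_engine_lib = "/usr/local/lib/snort/sf_engine.so",
  dynamic_preprocessor_lib_dir = "/usr/local/lib/snort/snort_preproc",
  A = "fast",
  -- Alert output lands in /tmp, a shared world-writable directory; for
  -- anything beyond a throwaway test run a dedicated log directory with
  -- restricted permissions is the better choice.
  l = "/tmp/",
}

-- Capture files replayed, in order, by run_files().
pcaps = { "/tmp/Honeynet-RFP-iis.pcap" }

-- Create the engine and attach the Snort analyzer to it.
function init()
  eng.new(egn)
  eng.add_analyzer({
    engine = egn,
    analyzer = ana,
    order = 1,
    module = snort,
    data = opttab,
    bpf = "",  -- empty capture filter: nothing is filtered before the analyzer
  })
end

-- Create a pcap data source and link it to the engine.
-- it: interface name passed as intf; fn: capture filename; fl: flags value.
-- Both are passed straight through to dsrc.new.
function init_src(it, fn, fl)
  dsrc.new({
    name = src,
    type = "pcap",
    snaplen = 1514,
    intf = it,
    flags = fl,
    filename = fn,
    max_count = 0,  -- presumably "unbounded"; confirm against the dsrc docs
    maxflows = 100000000,
    maxidle = 300,
    flow_memcap = 10000000,
    -- NOTE(review): fragtab is not defined anywhere in this file. If the
    -- host does not provide it, defrag is nil here and fragmented traffic
    -- is handled however dsrc defaults — confirm, since detection coverage
    -- for fragmented packets depends on it.
    defrag = fragtab,
    display = "none",
  })
  eng.link({ engine = egn, source = src })
end

-- Shut the analyzer framework down.
function term()
  ssp.shutdown()
end

-- Detach the data source from the engine and delete it.
function term_src()
  eng.unlink(egn)
  dsrc.delete(src)
end

-- Send a runtime command (for example "stats") to the Snort analyzer.
function ana_cmd(op)
  eng.cfg_analyzer({ engine = egn, analyzer = ana, data = { cmd = op } })
end

-- Validate the analyzer configuration without creating an engine, then
-- shut down.
function run_test()
  analyzer.cfgtest({ order = 1, module = snort, data = opttab })
  term()
end

-- Replay a single pcap file through the engine.
-- The source is unlinked and deleted even when eng.test() raises, so a
-- failed replay does not leave a stale source behind; the error is then
-- re-raised unchanged.
function run_file(pcap)
  init_src("file", pcap, 1)
  local ok, err = pcall(eng.test, egn)
  term_src()
  if not ok then
    error(err, 0)
  end
end

-- Replay every file in pcaps, then shut down.
-- term() runs even if one replay fails; the failure is re-raised afterwards.
function run_files()
  init()
  local ok, err = pcall(function()
    for _, pcap in ipairs(pcaps) do
      run_file(pcap)
    end
  end)
  term()
  if not ok then
    error(err, 0)
  end
end

-- Start a live run: empty intf and filename are handed to dsrc.new (what
-- dsrc does with an empty intf is not shown in this file), then the engine
-- is started. stop() ends the run.
function run_live()
  init()
  init_src("", "", 1)
  eng.start(egn)
end

-- Ask the analyzer to report its statistics.
function stats()
  ana_cmd("stats")
end

-- Stop a live run and tear everything down.
function stop()
  eng.stop(egn)
  term_src()
  term()
end

run_files()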