Snort mailing list archives

Re: [Snort-announce] Snort 2.0 rc1 available


From: Mahdi Kefayati <kefaiati () yahoo com>
Date: Wed, 26 Mar 2003 23:34:48 -0800 (PST)


In the Name of the Dearest
Dear Martin,
One of the things I have been looking for in snort is logging the URI which has caused a rule to be triggered. I'm aware 
of uricontent option but I want to log exactly the URI of a request, packet, etc. that has triggered for example a 
content checking rule. This along with some url filter or flexresp functionality will help me to do content filtering 
and also some statistical analysis on my users.
If anybody has worked on this topic please email me asap and if it's not implemented yet, would you please include it 
in snort 2.0.
Best Regards
Mahdi Kefayati
Martin Roesch <roesch () sourcefire com> wrote:
The Snort 2.0 release candidate 1 is available for your testing. We've 
been working on and tweaking Snort 2.0 for quite a while now and it's 
looking like it's ready to go. Please download it and check it out at 
the earliest opportunity. If you find any bugs, please read the 
doc/BUGS file before submitting a bug report, Snort works on too many 
platforms for us to guess at your configuration!

This version features:

* Higher performance (due to a new pattern matcher and rebuilt 
detection engine)
* Better decoders
* Enhanced stream reassembly and defragmentation
* Tons of bug fixes
* Updated rules
* Updated snort.conf
* New detection keywords (byte_test, byte_jump, distance, within) & 
stateful pattern matching
* New HTTP flow analyzer
* Enhanced anomaly detection (HTTP, RPC, TCP, IP, etc)
* Better self preservation in stateful subsystems
* Xrefs fixed
* Flexresp works faster and more effectively
* Better chroot()'ing
* Fixed 802.1q decoding
* Better async state handling
* New alerting option: -A cmg!!

The source tarball is available at 
http://www.snort.org/dl/snort-2.0.0rc1.tar.gz. A win32 build will 
follow shortly!

Brought to you by the character ':', the letters 'w' and 'q' and the 
number 0x41414141. Enjoy!

-Marty

-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Snort-based Enterprise Intrusion Detection Infrastructure
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org


