Snort mailing list archives
Re: [Snort-announce] Snort 2.0 rc1 available
From: Mahdi Kefayati <kefaiati () yahoo com>
Date: Wed, 26 Mar 2003 23:34:48 -0800 (PST)
In the Name of the Dearest

Dear Martin,

One of the things I have been looking for in snort is logging the URI which has caused a rule to be triggered. I'm aware of the uricontent option, but I want to log exactly the URI of a request, packet, etc. that has triggered, for example, a content checking rule. This, along with some url filter or flexresp functionality, will help me to do content filtering and also some statistical analysis on my users.

If anybody has worked on this topic please email me asap, and if it's not implemented yet, would you please include it in snort 2.0.

Best Regards
Mahdi Kefayati

Martin Roesch <roesch () sourcefire com> wrote:

The Snort 2.0 release candidate 1 is available for your testing. We've been working on and tweaking Snort 2.0 for quite a while now and it's looking like it's ready to go. Please download it and check it out at the earliest opportunity. If you find any bugs, please read the doc/BUGS file before submitting a bug report, Snort works on too many platforms for us to guess at your configuration!

This version features:

* Higher performance (due to a new pattern matcher and rebuilt detection engine)
* Better decoders
* Enhanced stream reassembly and defragmentation
* Tons of bug fixes
* Updated rules
* Updated snort.conf
* New detection keywords (byte_test, byte_jump, distance, within) & stateful pattern matching
* New HTTP flow analyzer
* Enhanced anomaly detection (HTTP, RPC, TCP, IP, etc)
* Better self preservation in stateful subsystems
* Xrefs fixed
* Flexresp works faster and more effectively
* Better chroot()'ing
* Fixed 802.1q decoding
* Better async state handling
* New alerting option: -A cmg!!

The source tarball is available at http://www.snort.org/dl/snort-2.0.0rc1.tar.gz. A win32 build will follow shortly!

Brought to you by the character ':', the letters 'w' and 'q' and the number 0x41414141.

Enjoy!

-Marty

--
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Snort-based Enterprise Intrusion Detection Infrastructure
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org