Snort mailing list archives

Re: [Snort-announce] Snort 2.0 rc1 available


From: Martin Roesch <roesch () sourcefire com>
Date: Tue, 1 Apr 2003 15:43:11 -0500

This isn't implemented (or planned) at this time, if you get it working let me know!

     -Marty

On Thursday, March 27, 2003, at 02:34 AM, Mahdi Kefayati wrote:

In the Name of the Dearest

Dear Martin,

One of the things I have been looking for in snort is logging the URI which has caused a rule to be triggered. I'm aware of uricontent option but I want to log exactly the URI of a request, packet, etc. that has triggered for example a content checking rule. This along with some url filter or flexresp functionality will help me to do content filtering and also some statistical analysis on my users.

If anybody has worked on this topic please email me asap and if it's not implemented yet, would you please include it in snort 2.0.

Best Regards

Mahdi Kefayati

 Martin Roesch <roesch () sourcefire com> wrote:

The Snort 2.0 release candidate 1 is available for your testing. We've
been working on and tweaking Snort 2.0 for quite a while now and it's
looking like it's ready to go. Please download it and check it out at
the earliest opportunity. If you find any bugs, please read the
doc/BUGS file before submitting a bug report, Snort works on too many
platforms for us to guess at your configuration!

This version features:

* Higher performance (due to a new pattern matcher and rebuilt
detection engine)
* Better decoders
* Enhanced stream reassembly and defragmentation
* Tons of bug fixes
* Updated rules
* Updated snort.conf
* New detection keywords (byte_test, byte_jump, distance, within) &
stateful pattern matching
* New HTTP flow analyzer
* Enhanced anomaly detection (HTTP, RPC, TCP, IP, etc)
* Better self preservation in stateful subsystems
* Xrefs fixed
* Flexresp works faster and more effectively
* Better chroot()'ing
* Fixed 802.1q decoding
* Better async state handling
* New alerting option: -A cmg!!

The source tarball is available at
http://www.snort.org/dl/snort-2.0.0rc1.tar.gz. A win32 build will
follow shortly!

Brought to you by the character ':', the letters 'w' and 'q' and the
number 0x41414141. Enjoy!

-Marty

--
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Snort-based Enterprise Intrusion Detection Infrastructure
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org








