Snort mailing list archives
ANNOUNCEMENT: Snort-IDMEF-Plugin 1.2.3alpha for snort 2.1.0 released
From: Sandro Poppi <spoppi () gmx net>
Date: Sun, 11 Jan 2004 13:44:44 +0100
Hi Snorters,

I'm happy to announce a new release of the GPL'ed Snort IDMEF plugin 1.2.3alpha for Snort 2.1.0.

IDMEF is the Intrusion Detection Exchange Message Format which is XML based and developed by the IETF working group IDWG. Its current status is "Draft".

Snort IDMEF enables Snort to generate IDMEF based messages and store them either in a flat file or distribute them via TCP sockets.

The changes in this version are:

- configure.in
  -- added option --enable-old which enables compatibility mode for snort 2.0.x
     This is highly DISCOURAGED! It enables portscan/http_decode preprocessor alerts.
  -- added check for sys/utsname.h
- added support for flow-portscan preprocessor
- added support for http-inspect preprocessor
- BuildSource/BuildTarget: added check for NULL packet
- added creation of IDMEF Impact Class for rules; see README.impact for details
- added README.impact

Requirements:

- Snort 2.1.0 source http://www.snort.org
- libidmef http://sourceforge.net/projects/libidmef
- libxml2 http://xmlsoft.org/
- snort-idmef-plugin ;) http://sourceforge.net/projects/snort-idmef

On the project's homepage you'll find some mailing lists for issues related to the snort-idmef-plugin.

Feedback is always welcomed!

Happy snort'ing,
Sandro