Snort mailing list archives
ANNOUNCEMENT: Snort-IDMEF-Plugin 1.2.4alpha for snort 2.1.1 released
From: Sandro Poppi <spoppi () gmx net>
Date: Sat, 27 Mar 2004 18:21:04 +0100
Hi Snorters,

I'm happy to announce a new release of the GPL'ed Snort IDMEF plugin 1.2.4alpha for Snort 2.1.1.

IDMEF is the Intrusion Detection Exchange Message Format which is XML based and developed by the IETF working group IDWG. Its current status is "Draft".

Snort IDMEF enables Snort to generate IDMEF based messages and store them either in a flat file or distribute them via TCP sockets.

The changes in this version are:

- configure.in:
-- added support for new header structure in libidmef 0.7.3 alpha
-- added --enable-char_ref (default=disabled; see below)
- spo_idmef.c:
-- added support for new header structure in libidmef 0.7.3 alpha
-- added ability for homenet not requiring to be a single address/network, now lists are also supported, e.g. [192.168.1.0/24,192.168.2.0/24,192.168.3.0/24]
-- incorporated ascii output patch for conforming to IDMEF draft by adding option char_ref
   due to the fact that XML 1.0 is not supporting all chars below 0x20 it has been worked around which breaks the IDMEF draft until XML 1.1 is available in libxml2 (use base64 instead if you need all info in the payload according to the draft)
   (thanks to David C. Hoos for providing it)
- packaged for snort 2.1.1

Requirements:

- Snort 2.1.1 source http://www.snort.org
- libidmef http://sourceforge.net/projects/libidmef
- libxml2 http://xmlsoft.org/
- snort-idmef-plugin ;) http://sourceforge.net/projects/snort-idmef

On the project's homepage you'll find some mailing lists for issues related to the snort-idmef-plugin.

Feedback is always welcomed!

Happy snort'ing,
Sandro
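The XML 1.0 limitation mentioned in the announcement, shown as an added example that is not part of the original post and not the plugin's code: control characters below 0x20 cannot be carried in XML 1.0 text even as character references, while base64 preserves every payload byte. The `<payload>` element, its `encoding` attribute and all function names are hypothetical and are not IDMEF or libidmef names.

```python
import base64
import xml.etree.ElementTree as ET

# XML 1.0 allows only TAB, LF and CR below 0x20. CR is left out here because
# parsers normalize CR and CRLF to LF, which would silently alter the payload.
TEXT_SAFE_CONTROLS = {0x09, 0x0A}


def is_text_safe(payload: bytes) -> bool:
    """True if the payload survives an XML 1.0 round trip as plain text."""
    return all(b in TEXT_SAFE_CONTROLS or 0x20 <= b <= 0x7E for b in payload)


def parses_as_xml10(document: str) -> bool:
    """True if the standard-library (expat) parser accepts the document."""
    try:
        ET.fromstring(document)
        return True
    except ET.ParseError:
        return False


def encode_payload(payload: bytes) -> str:
    """Serialize into a hypothetical <payload> element; base64 when needed."""
    elem = ET.Element("payload")
    if is_text_safe(payload):
        elem.set("encoding", "text")
        elem.text = payload.decode("ascii")
    else:
        elem.set("encoding", "base64")
        elem.text = base64.b64encode(payload).decode("ascii")
    return ET.tostring(elem, encoding="unicode")


def decode_payload(document: str) -> bytes:
    """Recover the original bytes from an element made by encode_payload."""
    elem = ET.fromstring(document)
    text = elem.text or ""
    if elem.get("encoding") == "base64":
        return base64.b64decode(text)
    return text.encode("ascii")


if __name__ == "__main__":
    # Constructed sample payloads, not captured traffic.
    for sample in (b"GET / HTTP/1.0\n", b"\x00\x01\x1bABC\xff\r\n"):
        doc = encode_payload(sample)
        print(doc, decode_payload(doc) == sample)
    # A character reference does not help: XML 1.0 rejects it as well.
    print(parses_as_xml10("<payload>&#x01;</payload>"))
```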