Snort mailing list archives

SnortSnarf version 021017.1 now available!


From: James Hoagland <hoagland () SiliconDefense com>
Date: Thu, 17 Oct 2002 13:53:08 -0700


Greetings all,

Silicon Defense is pleased to make available SnortSnarf version 021017.1, the latest release of its popular Snort alert browser. The things that people will probably appreciate the most are increased compatibility with Snort 1.9 and the ability to display spp_portscan2 log entries. Here are the changes from the previous version:

+ Updated parsing for Snort 1.9.0 full alert files
  + works around bug in which sometimes there is no blank line between
        alerts [thanks to Tomoyuki Murakami for the contrib]
  + works around bug in which there is sometimes an extraneous blank line
        in the middle of an alert (e.g., after NEXT LINK MTU)
  + now understands Xref sections in the form '[Xref => system id]'
  + removes any '\0' (^@) that was at the end of lines (e.g., at the end
        of ADMINISTRATIVELY PROHIBITED HOST FILTERED lines)
+ new-style Spade reports now processed (Spade version 021008.1 and on)
+ spp_portscan2 log files now processed (these entries are displayed
        somewhat prettified)
+ updated linking to ICMP log files; this involved updates for new ICMP
        header format in Snort 1.9.0
+ more robust recognition of non-packet alerts in different formats (these
        get ignored)
+ clarified warning about unknown ICMP type text and added repeat warning
        suppression (you'll now only get a warning about a particular string
        twice)
+ arachNIDS reference URLs now are to www.whitehats.com instead of
    whitehats.com
+ McAfee reference URL updated
+ SnortSnarf will now ignore lines beginning with '#' between alerts, so
        you can use that to begin a comment

This is a recommended update for all Snort users, especially those using 1.9 and greater.

You can read more about SnortSnarf and download it for free from:

  http://www.silicondefense.com/software/snortsnarf/

Best regards,

  Jim

P.S. I would appreciate it if someone with Snort CVS commit access would check this release into Snort's 'contrib' directory.
--
|*      Jim Hoagland, Associate Researcher, Silicon Defense      *|
|*            --- Silicon Defense: IDS Solutions ---             *|
|*  hoagland () SiliconDefense com, http://www.silicondefense.com/  *|
|*   Voice: (530) 756-7317                 Fax: (530) 756-7297   *|
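
The full-alert parsing workarounds listed in the changelog above, sketched in Python as an added example; it is not part of the original post and is not SnortSnarf's own code. The function name parse_full_alerts, the "[**] [gen:sid:rev] msg [**]" header layout and every sample line are assumptions constructed for illustration.

```python
import re

# Alert header: "[**] [gen:sid:rev] message [**]"; the id triple is optional.
HEADER = re.compile(r"^\[\*\*\]\s*(?:\[(\d+):(\d+):(\d+)\]\s*)?(.*?)\s*\[\*\*\]$")
# Xref in the '[Xref => system id]' form named in the changelog.
XREF = re.compile(r"\[Xref => (\S+) ([^\]]+)\]")

def parse_full_alerts(text):
    """Split full-alert text into records, keyed on the header line
    rather than on blank-line separators (hypothetical helper)."""
    alerts, current, after_blank = [], None, True
    for raw in text.splitlines():
        line = raw.rstrip("\x00 \t")      # drop trailing NULs and whitespace
        if not line:
            after_blank = True            # a blank line does not end the alert
            continue
        if line.startswith("#") and (current is None or after_blank):
            continue                      # comment line between alerts
        m = HEADER.match(line)
        if m:                             # new alert, blank line before it or not
            current = {"sid": m.group(2), "msg": m.group(4),
                       "body": [], "xrefs": []}
            alerts.append(current)
        elif current is not None:
            current["body"].append(line)
            current["xrefs"].extend(XREF.findall(line))
        after_blank = False
    return alerts

# Constructed sample, not real sensor output. It has a leading comment, no
# blank line between the two alerts, a NUL at the end of one line and a
# stray blank line inside the second alert.
SAMPLE = (
    "# constructed comment before the first alert\n"
    "[**] [1:1000001:1] EXAMPLE ICMP ALERT A [**]\n"
    "10/17-13:53:08.000000 192.0.2.10 -> 192.0.2.20\n"
    "[Xref => arachnids 1][Xref => bugtraq 2]\n"
    "[**] [1:1000002:1] EXAMPLE ICMP ALERT B [**]\n"
    "10/17-13:53:09.000000 192.0.2.1 -> 192.0.2.10\n"
    "Type:3  Code:13  ADMINISTRATIVELY PROHIBITED HOST FILTERED\x00\n"
    "\n"
    "** END OF DUMP\n"
    "\n"
    "# constructed trailing comment\n"
)

if __name__ == "__main__":
    for alert in parse_full_alerts(SAMPLE):
        print(alert["sid"], alert["msg"], len(alert["body"]), alert["xrefs"])
```

Keying on the header line means a missing separator or a stray blank line never merges or splits records, which matters when alert counts feed triage.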

