Snort mailing list archives

AW: IDMEF Plugin


From: "Poppi, Sandro" <Sandro.Poppi () wacker com>
Date: Thu, 22 May 2003 08:41:46 +0200

Hi Tim,

What is the current status of the IDMEF Plugin?

It's currently somewhere between maintained and unmaintained. This means: Joe
McAlerney, Silicon Defense, the original author has no time to maintain it
further, and I'm currently thinking of taking over maintenance since I'm
currently extending it to make use of IDXP for data transport for our
threatman project (http://sourceforge.net/projects/threatman). I already
found some issues in the plugin which resulted in segfaults and IDXP support
already works but is not tested thoroughly (still alpha).

I noted that "--enable-idmef" is no longer a compile option in version
2.0.0.

It has been removed from 2.x. But it still works if you add it to snort 2.x
(but not so stable that I would recommend it for production).

Given this, after sorting through the various versions, I installed
1.9.0 from Silicon Defense which incorporates the IDMEF Plugin.  I
installed all the requisite software:  idmef, xml2, ntp.  I enabled the
plugin and got no apparent errors upon loading Snort.  However, upon
reception of traffic, Snort seg faults.  When I turn off the IDMEF
Plugin, I don't get any seg faults.

I'll send you my patches this evening, so stay tuned ;)
 
I also tried installing version 1.8.7.  However, as noted in a previous
post from Andrew Walther, I also get a libidmef not found error when I
run Snort's ./configure.  


Tim

Ciao,
Sandro

