Snort mailing list archives

AW: Xml Plugins


From: "Poppi, Sandro" <Sandro.Poppi () wacker com>
Date: Fri, 29 Aug 2003 07:43:03 +0200

Neal,
 
I took over maintenance of snort's IDMEF plugin originally developed by the
folks at Silicon Defense. It creates IDMEF messages (XML-based) for
portscan, SPADE and rule alerts (more still to come). If you're interested I
can send you the actual version this evening.
 
BTW, I hopefully will set up a new SourceForge project for snort-idmef this
weekend.
 
HTH,
Sandro
 


We are currently running snort 2.1, having upgraded from 2.0. We use the xml
plugin supplied by vigiliantminds.com. We have had an issue with it crashing
on 2.0 and 2.1 on a regular basis. Currently we are on about an 8 meg ISP
pipe, seeing about 20000 events a day. We really need the xml output from
snort for our parsers. I have tried to download the xml patch from CERT
also, but when I compile snort with the libih and libair options snort does
not recognize it and gives no xml plugin support. Has anybody been able
to get this to work at all? Or does anyone know of any other xml plugins
that could be used with snort?

Any help is appreciated, as this is a very big issue for our network.

Thanks, 


Neal Timm 
1400 Sleepytime Trl 
Pflugerville, Tx 78660 
(512)-670-1516 

