Snort mailing list archives

Snort IDMEF Plugin 2.0.0alpha released


From: Sandro Poppi <spoppi () gmx net>
Date: Sun, 15 May 2005 17:39:06 +0200

Hi Snorters,

I'm happy to announce a new release of the GPL'ed Snort IDMEF plugin
2.0.0alpha for Snort as a patch against v2.3.3.

IDMEF is the Intrusion Detection Exchange Message Format which is XML
based and developed by the IETF working group IDWG. Its current status
is "Draft".

Snort IDMEF enables Snort to generate IDMEF based messages and store
them either in a flat file or distribute them via TCP sockets.

This new version is a complete rewrite of the output plugin. The major changes are:

- complete rewrite
- conforms to current IDMEF Draft 14
- requires the new libidmef 1.0.2+
- added general message generation for not yet supported generators
- added sfportscan message generation
- added a patch for sfportscan preprocessor to show port/ip lists instead of ranges as the original one
- added validate_log.c to validate idmef messages even if more than one XML document is in a single file like the message file created by snort-idmef
  it has to be compiled separately, see the file for instructions
- documentation updates

More details can be found in the plugin's ChangeLog.

Requirements:
- Snort 2.3.3+ source http://www.snort.org
- libidmef 1.0.2+ http://sourceforge.net/projects/libidmef
- libxml2 http://xmlsoft.org/
- snort-idmef-plugin ;) http://sourceforge.net/projects/snort-idmef

On the project's homepage you'll find some mailing lists for issues
related to the snort-idmef-plugin.

Feedback is always welcomed!

Happy snort'ing,
Sandro


