[Snort-devel] TODO for Snort
joey at ...60...
Tue Apr 17 12:38:35 EDT 2001
Bart van Kuik wrote:
> I was wondering what Snort needs right now because I might have some free time (two months) to play around with the code. So I tried to think of some thinks in general:
> - A way to export alerts using the libidmef library (this is the implementation of the IETF's drafts for an inter-IDS library (I think))
The IDMEF XML plugin was developed to do this. It is available in the
contrib directory of Snort-1.7 or greater. The plugin uses libidmef to
construct IDMEF messages. I am in the process of updating libidmef to
conform to the latest specification (draft-ietf-idwg-idmef-xml-03.txt).
Once that is finished, I will update the IDMEF XML plugin as well. I'm
shooting for early May to release the next version of libidmef. The
next version of the IDMEF XML plugin should be finished shortly after,
if not the same time.
Currently, the IDMEF XML plugin only output to a file. I will be
incorporating in the BEEP transport protocol to allow the plugin to send
IDMEF messages to a remote location. I suspect this will be done using
an existing BEEP implementation. As of right now, the next IDMEF XML
plugin will be released in two stages; BEEP-less and BEEP-able. My goal
is to minimize the time between those releases.
Information on IDMEF, libidmef and the IDMEF XML plugin is available at:
Please feel free to contact me if you have questions, comments, or
| Joe McAlerney joey at ...63... |
| Silicon Defense - Technical Support for Snort |
| http://www.silicondefense.com/ |
More information about the Snort-devel