[Snort-devel] Re: ANNOUNCEMENT: Snort-IDMEF-Plugin 1.2.3alpha for snort 2.1.0 released

Sandro Poppi spoppi at ...224...
Mon Jan 12 08:57:02 EST 2004


Hi Snorters,

I'm happy to announce a new release of the GPL'ed Snort IDMEF plugin 
1.2.3alpha for Snort 2.1.0.

IDMEF is the Intrusion Detection Exchange Message Format which is XML 
based and developed by the IETF working group IDWG. Its current status 
is "Draft".

Snort IDMEF enables Snort to generate IDMEF based messages and store 
them either in a flat file or distribute them via TCP sockets.

The changes in this version are:

   - configure.in
   -- added option --enable-old which enables compatibility mode for
     snort 2.0.x
     This is highly DISCOURAGED! It enables portscan/http_decode
     preprocessor alerts.
   -- added check for sys/utsname.h
   - added support for flow-portscan preprocessor
   - added support for http-inspect preprocessor
   - BuildSource/BuildTarget: added check for NULL packet
   - added creation of IDMEF Impact Class for rules; see README.impact
     for details
   - added README.impact

Requirements:
    - Snort 2.1.0 source http://www.snort.org
    - libidmef http://sourceforge.net/projects/libidmef
    - libxml2 http://xmlsoft.org/
    - snort-idmef-plugin ;) http://sourceforge.net/projects/snort-idmef

On the project's homepage you'll find some mailing lists for issues
related to the snort-idmef-plugin.

Try it and enjoy!

Happy snort'ing,
Sandro