[Snort-devel] Snort IDMEF Plugin 2.0.0alpha released
spoppi at ...224...
Sun May 15 08:39:48 EDT 2005
I'm happy to announce a new release of the GPL'ed Snort IDMEF plugin
2.0.0alpha for Snort as a patch against v2.3.3.
IDMEF is the Intrusion Detection Exchange Message Format, which is XML-based
and developed by the IETF working group IDWG. Its current status
Snort IDMEF enables Snort to generate IDMEF based messages and store
them either in a flat file or distribute them via TCP sockets.
This new version is a complete rewrite of the output plugin. The major
- complete rewrite
- conforms to current IDMEF Draft 14
- requires the new libidmef 1.0.2+
- added general message generation for not yet supported generators
- added sfportscan message generation
- added a patch for the sfportscan preprocessor to show port/ip lists
instead of ranges, as the original one does
- added validate_log.c to validate idmef messages even if more than one
XML document is in a single file like the message file created by
it has to be compiled separately, see the file for instructions
- documentation updates
More details can be found in the plugin's ChangeLog.
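The validation problem behind validate_log.c, as an added Python example (not the plugin's own code): a message file that holds several IDMEF documents back to back is not itself one well-formed XML document, so it is cut apart at each XML declaration and every IDMEF-Message is parsed on its own. The sample file below is constructed for this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample message file: two IDMEF documents appended back to back, each with its own XML declaration (ids and texts made up).
SAMPLE_LOG = """<?xml version="1.0" encoding="UTF-8"?>
<IDMEF-Message version="1.0">
  <Alert messageid="1">
    <Classification text="example alert one"/>
  </Alert>
</IDMEF-Message>
<?xml version="1.0" encoding="UTF-8"?>
<IDMEF-Message version="1.0">
  <Alert messageid="2">
    <Classification text="example alert two"/>
  </Alert>
</IDMEF-Message>
"""

XML_DECL = re.compile(r"<\?xml[^>]*\?>")

def is_single_document(text):
    """True only if the whole file parses as one well-formed XML document."""
    try:
        ET.fromstring(text.encode("utf-8"))
        return True
    except ET.ParseError:          # e.g. "junk after document element"
        return False

def split_documents(text):
    """Cut concatenated XML documents apart at each XML declaration."""
    starts = [m.start() for m in XML_DECL.finditer(text)]
    if not starts:                 # no declaration at all: treat as one document
        return [text.strip()]
    return [text[a:b].strip() for a, b in zip(starts, starts[1:] + [len(text)])]

def validate_log(text):
    """Parse each document separately so one bad record does not hide the rest."""
    alerts, errors = [], []
    for i, doc in enumerate(split_documents(text)):
        try:
            root = ET.fromstring(doc.encode("utf-8"))
            if root.tag != "IDMEF-Message":
                raise ValueError("root element is %r" % root.tag)
            for alert in root.iter("Alert"):
                cls = alert.find("Classification")  # required by the draft, but check
                alerts.append((alert.get("messageid"), None if cls is None else cls.get("text")))
        except (ET.ParseError, ValueError) as exc:
            errors.append((i, str(exc)))
    return alerts, errors
```

A truncated or malformed record is reported by index while the well-formed ones are still returned.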
- Snort 2.3.3+ source http://www.snort.org
- libidmef 1.0.2+ http://sourceforge.net/projects/libidmef
- libxml2 http://xmlsoft.org/
- snort-idmef-plugin ;) http://sourceforge.net/projects/snort-idmef
On the project's homepage you'll find some mailing lists for issues
related to the snort-idmef-plugin.
Feedback is always welcomed!