[Snort-devel] Snort IDMEF Plugin 2.0.0alpha released

Sandro Poppi spoppi at ...224...
Sun May 15 08:39:48 EDT 2005


Hi Snorters,

I'm happy to announce a new release of the GPL'ed Snort IDMEF plugin
2.0.0alpha for Snort as a patch against v2.3.3.

IDMEF is the Intrusion Detection Exchange Message Format, which is XML
based and developed by the IETF working group IDWG. Its current status
is "Draft".

Snort IDMEF enables Snort to generate IDMEF based messages and store
them either in a flat file or distribute them via TCP sockets.

This new version is a complete rewrite of the output plugin. The major
changes are:

- complete rewrite
- conforms to current IDMEF Draft 14
- requires the new libidmef 1.0.2+
- added general message generation for not yet supported generators
- added sfportscan message generation
- added a patch for the sfportscan preprocessor to show port/ip lists
  instead of ranges, as the original one does
- added validate_log.c to validate idmef messages even if more than one
  XML document is in a single file, like the message file created by
  snort-idmef; it has to be compiled separately, see the file for
  instructions
- documentation updates

More details can be found in the plugin's ChangeLog.

Requirements:
- Snort 2.3.3+ source http://www.snort.org
- libidmef 1.0.2+ http://sourceforge.net/projects/libidmef
- libxml2 http://xmlsoft.org/
- snort-idmef-plugin ;) http://sourceforge.net/projects/snort-idmef

On the project's homepage you'll find some mailing lists for issues
related to the snort-idmef-plugin.

Feedback is always welcome!

Happy snort'ing,
Sandro
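The message file mentioned above holds several IDMEF XML documents back to back, which is why a plain XML parser rejects it as "junk after document element". The following is an added illustration, not code from the snort-idmef plugin or from validate_log.c: it assumes each message begins with its own `<?xml` declaration (an assumption about the flat-file layout), splits the file on that boundary, and reports which documents fail to parse or are not rooted in an IDMEF-Message element. The sample log, including the `http://iana.org/idmef` namespace, is constructed for the example.

```python
"""Split a flat file holding several concatenated IDMEF XML documents
and check that each one parses as an IDMEF-Message (added example)."""
import re
import xml.etree.ElementTree as ET

# Assumption: every message in the file starts with an XML declaration,
# so a zero-width split before each "<?xml" yields one document per chunk.
_DECL = re.compile(r"(?=<\?xml\b)")

def split_documents(text):
    """Return the non-empty XML documents contained in `text`."""
    return [chunk.strip() for chunk in _DECL.split(text) if chunk.strip()]

def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tags."""
    return tag.split("}", 1)[1] if tag.startswith("{") else tag

def validate_log(text):
    """Parse every document; return (ok_count, errors), where errors is
    a list of (document_index, reason) for documents that fail."""
    ok, errors = 0, []
    for i, doc in enumerate(split_documents(text)):
        try:
            root = ET.fromstring(doc)
        except ET.ParseError as exc:          # truncated or malformed message
            errors.append((i, f"not well-formed: {exc}"))
            continue
        if local_name(root.tag) != "IDMEF-Message":
            errors.append((i, f"root is {local_name(root.tag)!r}, not IDMEF-Message"))
            continue
        ok += 1
    return ok, errors

# Constructed sample: two valid messages, one truncated message (as a
# sensor killed mid-write might leave behind) and one non-IDMEF document.
SAMPLE_LOG = """<?xml version="1.0"?>
<IDMEF-Message xmlns="http://iana.org/idmef" version="1.0">
 <Alert messageid="1"><Analyzer analyzerid="snort"/></Alert>
</IDMEF-Message>
<?xml version="1.0"?>
<IDMEF-Message xmlns="http://iana.org/idmef" version="1.0">
 <Alert messageid="2"><Analyzer analyzerid="snort"/>
</IDMEF-Message>
<?xml version="1.0"?>
<IDMEF-Message xmlns="http://iana.org/idmef" version="1.0">
 <Alert messageid="3"><Analyzer analyzerid="snort"/></Alert>
</IDMEF-Message>
<?xml version="1.0"?>
<Other/>
"""
```

Running `validate_log(SAMPLE_LOG)` reports 2 valid messages and flags documents 1 (truncated) and 3 (wrong root), which is the kind of check a collector should run before trusting a sensor's message file.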