[Snort-users] SnortSnarf v020124.1 released!

James Hoagland hoagland at ...47...
Thu Jan 24 13:25:02 EST 2002

Greetings Snort users,

Silicon Defense is pleased to announce the availability of SnortSnarf 
version 020124.1, the latest version (approximately #22) of its free 
Snort alert browser.  Here are the changes:

+ added top N most active sources and destinations pages which 
including IP involvement breakdown summaries (N adjustable with 
-top=N; default 20) (multiply requested feature)
+ signature priority # and classification text displayed in pages
+ signature list now sorted primarily by priority # unless 
-sortsigcount1st is given (-rs still reverses listing order) (use 
-hiprioisworse if a higher priority number means a higher priority to 
+ new -minprio=P option causes alerts with priority lower than P to 
be ignored; this could be used to filter out informational messages 
for a run
+ new -sipin=cidr option restricts alerts presented to those that 
have a source IP in the given CIDR specified net
+ new -dipin=cidr option restricts alerts presented to those that 
have a dest IP in the given CIDR specified net
+ added a small top-level navigation table to the top of each page 
for quicker browsing
+ updated RIPE link (thanks to Laurent Monin and Olaf Gellert)
+ added lookup links into dshield.org and Sam Spade for an IP
+ made anomaly scores in Spade alerts bold for quicker scanning
+ changed order of listing among reference links
+ input files can now be interspersed with options on the command 
line (previously they needed to be after all the options)
+ cleaned up some HTML
+ updated the documentation

Quite a few significant new features this time.  We now have summary 
pages of the most active IP addresses, sort by priority on the start 
page, and provide 3 ways to restrict which alerts in your input files 
get put into pages.  And, oh yeah, we now produce updated RIPE links. 
So, there are many reasons to upgrade or just to give it a try.

You can learn more and download your copy from:


We hope this new version brings you happier Snorting.

Best regards,

   Jim Hoagland

P.s. If someone could add this version to snort's contrib directory, 
that'd be great.
|*      Jim Hoagland, Associate Researcher, Silicon Defense      *|
|*            --- Silicon Defense: IDS Solutions ---             *|
|*  hoagland at ...47..., http://www.silicondefense.com/  *|
|*   Voice: (530) 756-7317                 Fax: (530) 756-7297   *|

More information about the Snort-users mailing list