[Snort-users] Re: [Snort-announce] Snort 2.0 rc1 available

Martin Roesch roesch at ...1935...
Tue Apr 1 12:50:33 EST 2003


This isn't implemented (or planned) at this time, if you get it working 
let me know!

      -Marty

On Thursday, March 27, 2003, at 02:34 AM, Mahdi Kefayati wrote:

> In the Name of the Dearest
>
> Dear Martin,
>
> One of the things I have been looking for in snort is logging the URI 
> which has caused a rule to be triggered. I'm aware of uricontent option 
> but I want to log exactly the URI of a request, packet, etc. that has 
> triggered for example a content checking rule. This along with some url 
> filter or flexresp functionality will help me to do content filtering 
> and also some statistical analysis on my users.
>
> If anybody has worked on this topic please email me asap and if it's 
> not implemented yet, would you please include it in snort 2.0.
>
> Best Regards
>
> Mahdi Kefayati
>
>  Martin Roesch <roesch at ...1935...> wrote:
>
> The Snort 2.0 release candidate 1 is available for your testing. We've
> been working on and tweaking Snort 2.0 for quite a while now and it's
> looking like it's ready to go. Please download it and check it out at
> the earliest opportunity. If you find any bugs, please read the
> doc/BUGS file before submitting a bug report, Snort works on too many
> platforms for us to guess at your configuration!
>
> This version features:
>
> * Higher performance (due to a new pattern matcher and rebuilt
> detection engine)
> * Better decoders
> * Enhanced stream reassembly and defragmentation
> * Tons of bug fixes
> * Updated rules
> * Updated snort.conf
> * New detection keywords (byte_test, byte_jump, distance, within) &
> stateful pattern matching
> * New HTTP flow analyzer
> * Enhanced anomaly detection (HTTP, RPC, TCP, IP, etc)
> * Better self preservation in stateful subsystems
> * Xrefs fixed
> * Flexresp works faster and more effectively
> * Better chroot()'ing
> * Fixed 802.1q decoding
> * Better async state handling
> * New alerting option: -A cmg!!
>
> The source tarball is available at
> http://www.snort.org/dl/snort-2.0.0rc1.tar.gz. A win32 build will
> follow shortly!
>
> Brought to you by the character ':', the letters 'w' and 'q' and the
> number 0x41414141. Enjoy!
>
> -Marty
>
> --
> Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
> Sourcefire: Snort-based Enterprise Intrusion Detection Infrastructure
> roesch at ...1935... - http://www.sourcefire.com
> Snort: Open Source Network IDS - http://www.snort.org
>
-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Snort-based Enterprise Intrusion Detection Infrastructure
roesch at ...1935... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org




