[Snort-users] Re: [Snort-announce] Snort 2.0 rc1 available
roesch at ...1935...
Tue Apr 1 12:50:33 EST 2003
This isn't implemented (or planned) at this time, if you get it working
let me know!
On Thursday, March 27, 2003, at 02:34 AM, Mahdi Kefayati wrote:
> In the Name of the Dearest
> Dear Martin,
> One of the things I have been looking for in snort is logging the URI
> which has caused a rule to be triggered. I'm aware of uricontent option
> but I want to log exactly the URI of a request, packet, etc. that has
> triggered for example a content checking rule. This along with some url
> filter or flexresp functionality will help me to do content filtering
> and also some statistical analysis on my users.
> If anybody has worked on this topic please email me asap and if it's
> not implemented yet, would you please include it in snort 2.0.
> Best Regards
> Mahdi Kefayati
> Martin Roesch <roesch at ...1935...> wrote:
> The Snort 2.0 release candidate 1 is available for your testing. We've
> been working on and tweaking Snort 2.0 for quite a while now and it's
> looking like it's ready to go. Please download it and check it out at
> the earliest opportunity. If you find any bugs, please read the
> doc/BUGS file before submitting a bug report, Snort works on too many
> platforms for us to guess at your configuration!
> This version features:
> * Higher performance (due to a new pattern matcher and rebuilt
> detection engine)
> * Better decoders
> * Enhanced stream reassembly and defragmentation
> * Tons of bug fixes
> * Updated rules
> * Updated snort.conf
> * New detection keywords (byte_test, byte_jump, distance, within) &
> stateful pattern matching
> * New HTTP flow analyzer
> * Enhanced anomaly detection (HTTP, RPC, TCP, IP, etc)
> * Better self preservation in stateful subsystems
> * Xrefs fixed
> * Flexresp works faster and more effectively
> * Better chroot()'ing
> * Fixed 802.1q decoding
> * Better async state handling
> * New alerting option: -A cmg!!
> The source tarball is available at
> http://www.snort.org/dl/snort-2.0.0rc1.tar.gz. A win32 build will
> follow shortly!
> Brought to you by the character ':', the letters 'w' and 'q' and the
> number 0x41414141. Enjoy!
> Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
> Sourcefire: Snort-based Enterprise Intrusion Detection Infrastructure
> roesch at ...1935... - http://www.sourcefire.com
> Snort: Open Source Network IDS - http://www.snort.org
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Snort-based Enterprise Intrusion Detection Infrastructure
roesch at ...1935... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org