[Snort-users] IDMEF Plugin

Timothy Lelesi lelesi at ...9251...
Wed May 21 16:35:05 EDT 2003


What is the current status of the IDMEF Plugin?

I noted that "--enable-idmef" is no longer a complile option in version
2.0.0.  

Given this, after sorting through the various versions, I installed
1.9.0 from Silicon Defense which incorporates the IDMEF Plugin.  I
installed all the requisite software:  idmef, xml2, ntp.  I enabled the
plugin and got no apparent errors upon loading Snort.  However, upon
reception of traffic, Snort seg faults.  When I turn off the IDMEF
Plugin, I don't get any seg faults.

I also tried installing version 1.8.7.  However, as noted in a previous
post from Andrew Walther, I also get a libidmef not found error when I
run Snort's ./configure.  


Tim




More information about the Snort-users mailing list