[Snort-users] ANNOUNCEMENT: Snort-IDMEF-Plugin 1.2.1alpha released

Sandro Poppi spoppi at ...158...
Mon Nov 24 07:10:04 EST 2003


Hello Snorters,

I'm glad to announce a new release of the GPL'ed Snort IDMEF plugin
1.2.1alpha for Snort 2.0.4.

IDMEF is the Intrusion Detection Exchange Message Format which is XML
based and developed by the IETF working group IDWG. Its current status
is "Draft".

Snort IDMEF enables Snort to generate IDMEF based messages and store
them either in a flat file or distribute them via TCP sockets.

The changes in this version are:

* version 1.2.1 alpha 2.0.4
    - added the following files to the tarball
    -- append_idmef.pl, idmefify.sh for autoadjusting rule files
    -- idmef-message.dtd
    -- TODO
    - added support for stream4/stream4_reassembly preprocessor
    - added support for portscan2 preprocessor
    - added support for the snort decoder
    - added support for http_decode preprocessor
    - added support for rpc_decode preprocessor
    - added patch for including sid, classification and priority in
      Build*MessageTree() funcs (thanks to Herve Debar for providing it)
    - added patch for including ICMP info in BuildSource() (thanks to
      Herve Debar for providing it)
    - fixed missing checks when dealing with calloc in
      Build*MessageTree() funcs (thanks to Herve Debar for providing it)
    - when snort-idmef doesn't recognize the generator it now prints the
      generator id (thanks to Prachid T. for pointing that out)
    - switched from malloc to calloc to not get in trouble if a char is
      not exactly 1 byte on a specific platform

Requirements:
    - Snort 2.0.4 source http://www.snort.org
    - libidmef http://sourceforge.net/projects/libidmef
    - libxml2 http://xmlsoft.org/
    - snort-idmef-plugin ;) http://sourceforge.net/projects/snort-idmef

On the project's homepage you'll find some mailing lists for issues
related to the snort-idmef-plugin.

Try it and enjoy!

Regards,
Sandro Poppi