
[Snort-devel] ANNOUNCEMENT: Snort-IDMEF-Plugin 1.2.4alpha for snort 2.1.1 released

From: Sandro Poppi <spoppi(at)gmx.net>
Date: Sat Mar 27 2004 - 12:21:04 EST

Hi Snorters,

I'm happy to announce a new release of the GPL'ed Snort IDMEF plugin 1.2.4alpha for Snort 2.1.1.

IDMEF is the Intrusion Detection Exchange Message Format which is XML based and developed by the IETF working group IDWG. Its current status is "Draft".

Snort IDMEF enables Snort to generate IDMEF based messages and store them either in a flat file or distribute them via TCP sockets.

The changes in this version are:

  • configure.in:
    • added support for new header structure in libidmef 0.7.3 alpha
    • added --enable-char_ref (default=disabled; see below)
  • spo_idmef.c:
    • added support for new header structure in libidmef 0.7.3 alpha
    • homenet no longer needs to be a single address/network; lists are now also supported, e.g. [192.168.1.0/24,192.168.2.0/24,192.168.3.0/24]
    • incorporated ASCII output patch for conforming to the IDMEF draft by adding option char_ref; due to the fact that XML 1.0 does not support all chars below 0x20, it has been worked around, which breaks the IDMEF draft until XML 1.1 is available in libxml2 (use base64 instead if you need all info in the payload according to the draft) (thanks to David C. Hoos for providing it)
  • packaged for snort 2.1.1

Requirements:

On the project's homepage you'll find some mailing lists for issues related to the snort-idmef-plugin.

Feedback is always welcomed!

Happy snort'ing,
Sandro



Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Received on Sat Mar 27 12:25:27 2004
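
The char_ref changelog item above rests on a rule of XML 1.0 itself: below 0x20 only TAB, LF and CR are legal characters, so a raw packet payload cannot always be carried as element text and base64 is the lossless alternative. The following is an added example, not code from the Snort IDMEF plugin or libidmef; `payload_to_xml` and its helpers are hypothetical names, and treating bytes >= 0x80 as binary is an assumption of this sketch.

```c
#include <string.h>

/* XML 1.0 allows only TAB, LF and CR below 0x20; a reference such as
 * "&#x01;" is as ill-formed as the raw byte. Bytes >= 0x80 count as
 * binary here (assumption: a packet payload need not be valid UTF-8). */
static int xml10_text_byte(unsigned char c)
{
    return (c >= 0x20 && c < 0x80) || c == 0x09 || c == 0x0A || c == 0x0D;
}

/* RFC 4648 base64 with padding; out must hold 4*((n+2)/3)+1 bytes. */
static void b64_encode(const unsigned char *p, size_t n, char *out)
{
    static const char t[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    for (size_t i = 0; i < n; i += 3) {
        unsigned long v = (unsigned long)p[i] << 16;
        if (i + 1 < n) v |= (unsigned long)p[i + 1] << 8;
        if (i + 2 < n) v |= p[i + 2];
        *out++ = t[(v >> 18) & 63];
        *out++ = t[(v >> 12) & 63];
        *out++ = (i + 1 < n) ? t[(v >> 6) & 63] : '=';
        *out++ = (i + 2 < n) ? t[v & 63] : '=';
    }
    *out = '\0';
}

/* Hypothetical helper: writes the payload as escaped XML text if every byte
 * is legal, else as base64. Returns 0 (text), 1 (base64), -1 (out too small). */
int payload_to_xml(const unsigned char *p, size_t n, char *out, size_t cap)
{
    size_t i, o = 0;
    for (i = 0; i < n && xml10_text_byte(p[i]); i++) { }
    if (i < n) {                          /* found a byte XML 1.0 rejects */
        if (cap < 4 * ((n + 2) / 3) + 1) return -1;
        b64_encode(p, n, out);
        return 1;
    }
    for (i = 0; i < n; i++) {             /* text path: escape markup */
        const char *e = p[i] == '<' ? "&lt;" : p[i] == '>' ? "&gt;"
                      : p[i] == '&' ? "&amp;" : NULL;
        size_t len = e ? strlen(e) : 1;
        if (o + len + 1 > cap) return -1;
        if (e) memcpy(out + o, e, len); else out[o] = (char)p[i];
        o += len;
    }
    out[o] = '\0';
    return 0;
}
```

A consumer needs the return value recorded alongside the data (for example as an encoding attribute) so it knows whether to base64-decode the element content.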

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:10 EDT

