[Snort-users] Re: [Snort-announce] Snort 2.0 rc1 available

From: Mahdi Kefayati <kefaiati(at)yahoo.com>
Date: Thu Mar 27 2003 - 02:34:48 EST

In the Name of the Dearest
Dear Martin,
One of the things I have been looking for in snort is logging the URI which has caused a rule to be triggered. I'm aware of the uricontent option but I want to log exactly the URI of a request, packet, etc. that has triggered, for example, a content checking rule. This along with some url filter or flexresp functionality will help me to do content filtering and also some statistical analysis on my users. If anybody has worked on this topic please email me asap and if it's not implemented yet, would you please include it in snort 2.0.

Best Regards
Mahdi Kefayati

Martin Roesch <roesch@sourcefire.com> wrote:

The Snort 2.0 release candidate 1 is available for your testing. We've been working on and tweaking Snort 2.0 for quite a while now and it's looking like it's ready to go. Please download it and check it out at the earliest opportunity. If you find any bugs, please read the doc/BUGS file before submitting a bug report, Snort works on too many platforms for us to guess at your configuration!

This version features:

  • Higher performance (due to a new pattern matcher and rebuilt detection engine)
  • Better decoders
  • Enhanced stream reassembly and defragmentation
  • Tons of bug fixes
  • Updated rules
  • Updated snort.conf
  • New detection keywords (byte_test, byte_jump, distance, within) & stateful pattern matching
  • New HTTP flow analyzer
  • Enhanced anomaly detection (HTTP, RPC, TCP, IP, etc)
  • Better self preservation in stateful subsystems
  • Xrefs fixed
  • Flexresp works faster and more effectively
  • Better chroot()'ing
  • Fixed 802.1q decoding
  • Better async state handling
  • New alerting option: -A cmg!!

The source tarball is available at
http://www.snort.org/dl/snort-2.0.0rc1.tar.gz. A win32 build will follow shortly!

Brought to you by the character ':', the letters 'w' and 'q' and the number 0x41414141. Enjoy!

-Marty

-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Snort-based Enterprise Intrusion Detection Infrastructure
roesch(at)sourcefire.com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org



_______________________________________________
Snort-announce mailing list
Snort-announce@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-announce


_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Received on Thu Mar 27 02:45:05 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:11:54 EDT

