Snort mailing list archives
SnortSnarf version 021017.1 now available!
From: James Hoagland <hoagland () SiliconDefense com>
Date: Thu, 17 Oct 2002 13:53:08 -0700
Greetings all,

Silicon Defense is pleased to make available SnortSnarf version 021017.1, the latest release of its popular Snort alert browser. The things that people will probably appreciate the most are increased compatibility with Snort 1.9 and the ability to display spp_portscan2 log entries. Here are the changes from the previous version:

+ Updated parsing for Snort 1.9.0 full alert files
+ works around bug in which sometimes there is no blank line between alerts [thanks to Tomoyuki Murakami for the contrib]
+ works around bug in which there is sometimes an extraneous blank line in the middle of an alert (e.g., after NEXT LINK MTU)
+ now understands Xref sections in the form '[Xref => system id]'
+ removes any '\0' (^@) that was at the end of lines (e.g., at the end of ADMINISTRATIVELY PROHIBITED HOST FILTERED lines)
+ new-style Spade reports now processed (Spade version 021008.1 and on)
+ spp_portscan2 log files now processed (these entries are displayed somewhat prettified)
+ updated linking to ICMP log files; this involved updates for new ICMP header format in Snort 1.9.0
+ more robust recognition of non-packet alerts in different formats (these get ignored)
+ clarified warning about unknown ICMP type text and added repeat warning suppression (you'll now only get a warning about a particular string twice)
+ arachNIDS reference URLs now are to www.whitehats.com instead of whitehats.com
+ McAfee reference URL updated
+ SnortSnarf will now ignore lines beginning with '#' between alerts, so you can use that to begin a comment

This is a recommended update for all Snort users, especially those using 1.9 and greater.

You can read more about SnortSnarf and download it for free from:

http://www.silicondefense.com/software/snortsnarf/

Best regards,

Jim

P.S. I would appreciate it if someone with Snort CVS commit access would check this release into Snort's 'contrib' directory.

--
|* Jim Hoagland, Associate Researcher, Silicon Defense *|
|* --- Silicon Defense: IDS Solutions --- *|
|* hoagland () SiliconDefense com, http://www.silicondefense.com/ *|
|* Voice: (530) 756-7317 Fax: (530) 756-7297 *|
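
The full-alert parsing quirks listed in the announcement (no blank line between alerts, a stray blank line inside an alert, trailing '\0' characters, '#' comment lines between alerts, and '[Xref => system id]' sections) can be handled by a tolerant splitter like the one below. This is an added example, not SnortSnarf's own code (SnortSnarf is written in Perl); the sample text is constructed and simplified, and the function names, SIDs and Xref id are assumptions made for illustration.

```python
import re

HEADER = re.compile(r"^\[\*\*\]\s*(?:\[(\d+):(\d+):(\d+)\]\s*)?(.*?)\s*\[\*\*\]$")
XREF = re.compile(r"\[Xref => (\S+) ([^\]]+)\]")

# Constructed, simplified sample (not real Snort output); documentation IP ranges.
SAMPLE = (
    "# analyst comment before the first alert\n"
    "[**] [1:1000001:1] EXAMPLE unreachable [**]\n"
    "10/17-13:53:08.000000 192.0.2.10 -> 198.51.100.7\n"
    "NEXT LINK MTU: 1500\n"
    "\n"                                              # stray blank line inside the alert
    "ADMINISTRATIVELY PROHIBITED HOST FILTERED\0\n"   # trailing NUL
    "[Xref => arachnids 999]\n"                       # constructed Xref id
    "[**] [1:1000002:1] EXAMPLE second alert [**]\n"  # no blank line before it
    "10/17-13:53:09.000000 192.0.2.10:1025 -> 198.51.100.7:80\n"
    "\n"
    "# comment between alerts\n"
    "[**] EXAMPLE alert without sid [**]\n"
    "10/17-13:53:10.000000 192.0.2.11 -> 198.51.100.7\n"
)

def split_alerts(text):
    """Return one list of cleaned lines per alert, tolerating the quirks above."""
    alerts, current, after_blank = [], None, True
    for raw in text.splitlines():
        line = raw.rstrip("\0 \t\r")          # strip trailing NULs and whitespace
        if line.startswith("[**]"):           # a header always opens a new alert
            current = [line]
            alerts.append(current)
            after_blank = False
        elif not line:
            after_blank = True                # separator or stray blank: decide later
        elif line.startswith("#") and after_blank:
            continue                          # comment line between alerts
        elif current is not None:
            current.append(line)              # continuation, even after a blank line
            after_blank = False
    return alerts

def parse_alert(lines):
    """Extract sid, message, body lines and (system, id) Xref pairs from one alert."""
    m = HEADER.match(lines[0])
    sid = int(m.group(2)) if m and m.group(2) else None
    msg = m.group(4) if m else lines[0]
    xrefs = [x for l in lines[1:] for x in XREF.findall(l)]
    return {"sid": sid, "msg": msg, "body": lines[1:], "xrefs": xrefs}

ALERTS = [parse_alert(a) for a in split_alerts(SAMPLE)]
```

Keying alert boundaries on the `[**]` header instead of on blank lines is what makes both blank-line bugs harmless; a parser that trusts blank lines as separators would merge or truncate alerts and misattribute packets.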