Snort mailing list archives

FLoP-1.5.0 released


From: Dirk Geschke <dirk () geschke-online de>
Date: Mon, 16 Jan 2006 23:09:38 +0100

Hi snorters,

the long outstanding release 1.5.0 of the Fast Logging Project 
for snort is out now:

   http://www.geschke-online.de/FLoP/

FLoP realizes the collection of alerts on a central server and
stores them in a database (PostgreSQL or MySQL). It adds an 
output plugin to snort where all alert (and/or log) information 
is written to a unix domain socket, where a process called
"sockserv" reads the alerts, buffers them and forwards them
to a central server.

On the central server all alerts are stored in the database
via a unix domain socket. So neither a direct TCP connection
to the database is necessary nor is there any need for alert
files on the sensor.

Therefore the option "-Y" was added to snort which suppresses
the default output plugin, only the plugins of snort.conf are
used.

This new release adds a control thread so that some parameters
can be changed during runtime.

Further, the restriction of one snort process per sensor was
removed. Now the connection can be realized via stunnel or
an ssh tunnel. 

If the server process is terminated via SIGINT or SIGTERM all
buffered alerts are written to swap files. These will be used
on restart if a sensor connects again.
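As an added example (not FLoP's own code; its wire and swap file formats are not shown in this announcement), a small Python model of the buffer-and-swap behaviour described above: alerts queue in memory until forwarded, a SIGINT/SIGTERM handler dumps the queue to a swap file, and the next start replays it. The swap path and the JSON-lines layout of the swap file are assumptions.

```python
import json
import os
import signal
from collections import deque


class AlertBuffer:
    """FIFO of alert records with a durable swap file (illustrative model)."""

    def __init__(self, swap_path):
        self.swap_path = swap_path  # assumed location; caller-chosen
        self.queue = deque()
        # On (re)start, recover whatever an earlier instance left behind.
        self._load_swap()

    def push(self, alert):
        """Queue one alert (a dict) received from a sensor."""
        self.queue.append(alert)

    def forward(self, sink):
        """Hand every queued alert to `sink` (e.g. a DB writer); return count."""
        n = 0
        while self.queue:
            sink(self.queue.popleft())
            n += 1
        return n

    def write_swap(self):
        """Persist the queue atomically: write a temp file, then rename."""
        tmp = self.swap_path + ".tmp"
        with open(tmp, "w") as fh:
            for alert in self.queue:
                fh.write(json.dumps(alert) + "\n")
        os.replace(tmp, self.swap_path)
        return len(self.queue)

    def _load_swap(self):
        """Replay a swap file left by a previous shutdown, then consume it."""
        if not os.path.exists(self.swap_path):
            return 0
        with open(self.swap_path) as fh:
            for line in fh:
                self.queue.append(json.loads(line))
        os.remove(self.swap_path)  # consumed; a later shutdown rewrites the rest
        return len(self.queue)

    def install_signal_handlers(self):
        """On SIGINT/SIGTERM, dump the buffer to the swap file and exit."""
        def on_signal(signum, frame):
            self.write_swap()
            raise SystemExit(0)
        signal.signal(signal.SIGINT, on_signal)
        signal.signal(signal.SIGTERM, on_signal)
```

The atomic rename matters on a collector: a shutdown interrupted mid-write must not leave a half-written swap file that the next start replays as truncated alerts.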

The configure script was enhanced; it now tries to obtain the 
compile flags for the database part via mysql-config or
pg_config.

The still unofficial database scheme 107, as suggested by
Graham Keeling and Kevin Johnson for adding the generator
ID to the database, is supported.

"getpacket", the program to rebuild pcap files from the 
database, now works on 64 bit systems. The use of mixed
systems - 32 and 64 bit - is not (yet) possible.

And finally some bugs were fixed...

Best regards and give it a try

Dirk Geschke

