
| Subject: | [Snort-users] FLoP-1.5.0 released |
|---|---|
| Date: | Mon, 16 Jan 2006 23:09:38 +0100 |
Hi snorters,

the long outstanding release 1.5.0 of the Fast Logging Project for snort is out now:

http://www.geschke-online.de/FLoP/

FLoP realizes the collection of alerts on a central server and stores them in a database (PostgreSQL or MySQL). It adds an output plugin to snort where all alert (and/or log) information is written to a unix domain socket where a process called "sockserv" reads the alerts, buffers them and forwards them to a central server. On the central server all alerts are stored in the database via a unix domain socket. So neither a direct TCP connection to the database is necessary nor is there any need for alert files on the sensor. Therefore the option "-Y" was added to snort which suppresses the default output plugin; only the plugins of snort.conf are used.

This new release adds a control thread to so that some parameters can be changed during runtime. Further, the restriction of one snort process per sensor was removed. Now the connection can be realized via stunnel or an ssh tunnel.

If the server process is terminated via SIGINT or SIGTERM, all buffered alerts are written to swap files. These will be used on restart if a sensor connects again.

The configure script was enhanced; it now tries to get the compile flags for the database part via mysql-config or pg_config.

The still unofficial database scheme 107, as suggested by Graham Keeling and Kevin Johnson for adding the generator ID to the database, is supported.

"getpacket", the program to rebuild pcap files from the database, works now on 64 bit systems. The use of mixed systems - 32 and 64 bit - is not (yet) possible.

And finally some bugs were fixed....

Best regards and give it a try

Dirk Geschke