Thursday, May 28, 2015

Snort++ Update

Just pushed build 154 to GitHub (snortadmin/snort3):

  • new_http_inspect parsing and event handling updates
  • initial port of file capture from Snort
  • stream_tcp reassembles payload only
  • remove obsolete REG_TEST logging
  • refactor encode_format*()
  • rewrite alert_csv with default suitable for reg tests and debugging
  • dump 20 hex bytes per line instead of 16
  • add raw mode hext DAQ and logger; fix dns inspector typo for tcp checks
  • document raw hext mode
  • cleanup flush flags vs dir
  • add alert_csv.separator, delete alert_test
  • tweak log config; rename daq/log user to hext
  • cleanup logging
  • stream_tcp refactoring and cleanup