List:       snort-users
Subject:    [snort] Another Snort snapshot available
From:       Martin Roesch <roesch () clark ! net>
Date:       1999-08-27 18:09:16

Ok, I was productive at lunch and made some fixes, etc.  

I fixed all of the problems I've been having with weird interactions
between command line switches and the logging subsystem.  Basically, I
bit the bullet and made a couple of function pointers that I set to
point to the logging functions that a particular mix of command line
switches would normally activate.  This does away with tons of if/then
statements in the running code and makes everything faster and cleaner
to write to.  You'll see why this is a good thing when I formally reveal
my plans, but for now we have a mechanism that can select the program
output formatting at run time.  Anyone who's feeling ambitious can now
code and attach a new logging/alerting module to the program trivially.

I also added port negation rules, which people who are trying to use Max
Vision's rule set will find useful.  All of those !53's will now work.

One other new command line switch: -N.  This disables logging to both
binary and text log files, but leaves alerting operational.

Same URL as before, and I even put this one in the right place!


     -Marty

-- 
Martin Roesch
roesch@clark.net
http://www.clark.net/~roesch
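
The run-time output selection, the -N switch and the !53 port negation described in the message above, as an added C example that is not Snort's source code. The function names, the -b switch name for binary logging, the port-spec parser and the sample packets are assumptions made for illustration; only -N and the !53 syntax come from the message.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical packet summary for this example; not a Snort structure. */
struct pkt { const char *src; unsigned short dport; };
typedef void (*out_fn)(const struct pkt *);
static int text_logs, bin_logs, alerts;   /* counters make the dispatch observable */

static void log_text(const struct pkt *p)   { text_logs++; printf("LOG   %s -> %u\n", p->src, (unsigned)p->dport); }
static void log_binary(const struct pkt *p) { (void)p; bin_logs++; /* would append a raw record */ }
static void log_none(const struct pkt *p)   { (void)p; /* -N: logging disabled */ }
static void alert_text(const struct pkt *p) { alerts++; printf("ALERT %s -> %u\n", p->src, (unsigned)p->dport); }

static out_fn log_func = log_text;      /* set once at startup, called per packet */
static out_fn alert_func = alert_text;

/* Resolve the switch mix once; -N wins over -b regardless of argument order. */
void select_output(int argc, char **argv) {
    int binary = 0, nolog = 0, i;
    for (i = 1; i < argc; i++) {
        if (strcmp(argv[i], "-b") == 0) binary = 1;   /* assumed switch name */
        if (strcmp(argv[i], "-N") == 0) nolog = 1;    /* switch from the message */
    }
    log_func = nolog ? log_none : (binary ? log_binary : log_text);
}

/* Port spec "53" matches only port 53; "!53" matches every port except 53. */
int port_matches(const char *spec, unsigned short port) {
    int negate = (spec[0] == '!');
    unsigned short want = (unsigned short)strtoul(spec + negate, NULL, 10);
    return negate ? (port != want) : (port == want);
}

/* Hot path: no switch tests here, only two indirect calls when the rule matches. */
void handle_packet(const char *port_spec, const struct pkt *p) {
    if (!port_matches(port_spec, p->dport)) return;
    alert_func(p);
    log_func(p);
}

int main(int argc, char **argv) {
    struct pkt dns = { "10.0.0.5", 53 }, web = { "10.0.0.5", 80 };  /* constructed samples */
    select_output(argc, argv);
    handle_packet("!53", &dns);   /* negated port: no output */
    handle_packet("!53", &web);   /* matches: alert, plus a log unless -N was given */
    return 0;
}
```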
