CVS log for snort/snort.8
	Help

Request diff between arbitrary revisions

2.8.2 beta prep

Update to indicate --pid-path specifies the directory for the PID file.  Thanks to Lee Clemens for pointing out the ambiguity.

* Document new multiple pcap command line options and ARP Spoof
  preprocessor configuration.

* Document new multiple pcap command line options and ARP Spoof
  preprocessor configuration.

update year to 2008

update year to 2008

update year to 2008

* 2.8.0 Updates.

* 2.8.0 Updates.

* 2.8.0 beta prep.

* 2.8.0 beta prep.

* More code cleanup, eliminate warnings on Win32 platform.

* Update for 2.7.0 Beta

* Added SSH and DCE/RPC preprocessor sections and description of
  new command line options.

* Add create_db2 srcipt to be included in distro.
* Fix issue with daemonization on MAC OSX and parent not exiting cleanly.
* Provide support for locking the PID file so that no additional snort
  process is able to start using the same PID file.  Can be overridden
  with --nolock-pidfile.
* Fix issue with replace option and replaced data always being placed
  at the beginning of the packet.
* FTPTelnet: Fix issue with parsing default server configuration on Win32
  platform for FTPTelnet.
* SMTP: Fix potential read beyond end of buffer and update configuration to
  use less memory.
* Fix Stream reassembly issue at session purge/end of pcap.
* HTTP: Handle additional whitespace characters on a per server configured
  basis.  Defaults are to treat Htab (\t, 9), VTab (\v, 11), Form
  Feed (\f, 12), and CR (\r, 13) as whitespace.
* Revise IP list parsing code.

* Add create_db2 srcipt to be included in distro.
* Fix issue with daemonization on MAC OSX and parent not exiting cleanly.
* Provide support for locking the PID file so that no additional snort
  process is able to start using the same PID file.  Can be overridden
  with --nolock-pidfile.
* Fix issue with replace option and replaced data always being placed
  at the beginning of the packet.
* FTPTelnet: Fix issue with parsing default server configuration on Win32
  platform for FTPTelnet.
* SMTP: Fix potential read beyond end of buffer and update configuration to
  use less memory.
* Fix Stream reassembly issue at session purge/end of pcap.
* HTTP: Handle additional whitespace characters on a per server configured
  basis.  Defaults are to treat Htab (\t, 9), VTab (\v, 11), Form
  Feed (\f, 12), and CR (\r, 13) as whitespace.
* Revise IP list parsing code.

* Changed --flush-all-events to --process-all-events and
  --alert-on-drop to --treat-drop-as-alert

* Changed --flush-all-events to --process-all-events and
  --alert-on-drop to --treat-drop-as-alert

* Fix -M flag to log Fatal and regular Error messages to syslog.
* Add info to docs on new commandline switches.

* Fix -M flag to log Fatal and regular Error messages to syslog.
* Add info to docs on new commandline switches.

* Added info on new command line options.

* src/snort.c:
  New command line switch, -K, to explicitly set logging mode.  Available
  arguments are "none", "pcap" and "ascii".
  Pcap mode is now the default logging mode of Snort.
  CheckLogDir() is no longer called in IDS mode until after reading in
  the snort.conf file to prevent unncessary exiting due to logdir being
  specified in snort.conf and inadvertantly checking for the existence
  of /var/log/snort.
* src/util.c:
  Included CheckLogDir() call in CreatePidFile() on the off chance
  we have to fall back to using pv.log_dir which can happen due to
  the IDS mode logdir check being removed in src/snort.c
  Banner updated to remind people of logging changes
* src/decode.c:
  Added check for bad length of TCP SACK option.
* snort.8 README
  Updated for new command line switch and logging realities.
* src/win32/WIN32-Includes
  Always use winsock2.h.

* src/snort.c:
  New command line switch, -K, to explicitly set logging mode.  Available
  arguments are "none", "pcap" and "ascii".
  Pcap mode is now the default logging mode of Snort.
  CheckLogDir() is no longer called in IDS mode until after reading in
  the snort.conf file to prevent unncessary exiting due to logdir being
  specified in snort.conf and inadvertantly checking for the existence
  of /var/log/snort.
* src/util.c:
  Included CheckLogDir() call in CreatePidFile() on the off chance
  we have to fall back to using pv.log_dir which can happen due to
  the IDS mode logdir check being removed in src/snort.c
  Banner updated to remind people of logging changes
* src/decode.c:
  Added check for bad length of TCP SACK option.
* snort.8 README USAGE RELEASE.NOTES
  Updated for new command line switch and logging realities.

* Bringing RC1 up to 2.1.1

* Updated -T info for snort.8 to include where snort looks for "snort.conf."
  Thanks Drew Smith for pointing that out.
* Doc updates for thresholding
* Changed some startup messages from printf to LogMessage to be more
  consistent. Thanks for the patch, nnposter(at)users.sourceforge.net.

* Major add/commit of 2.1 feature set...

  Will do a tag and then remove the "moved" files

* remove ghetto message reference config options (they have not done anything
    since May)

* killing the -a option from the man page

merge with CURRENT..

a few fixes in page..

Jeff '-z' fix.. (sorta works)

* typos/new addresses for snort.8 (jnathan)
* snort.conf defaults explained a bit more (jnathan)
* SPARC_TWIDDLE for alignment problems on SPARC and maybe HPUX
* pragma for math.h for snort.h
* removing math.h from decode.h ( already defined in snort.h )

* typos/new addresses for snort.8 (jnathan)
* snort.conf defaults explained a bit more (jnathan)
* SPARC_TWIDDLE for alignment problems on SPARC and maybe HPUX

* all unstable/orphaned/unmaintained/deprecated code is getting the axe
  before we proceed to 2.0

*** empty log message ***

* updated docs
* 1.8.3 release

* fixed frag2 crashes on Sparc/Solaris
* Updating docs for 1.8 release

* fixed crashbugs in tag code
* verified that syslog code is working properly, converted default facility
  to log_auth instead of log_authpriv
* checked year timestamps on alpha architecture, seem ok
* checked for invalid timestamps from spp_portscan talking to spo_database,
  looked ok
* fixed -S command line switch behavior with variable special modes
* fixed URI code detection for UNICODE traffic, tweaked http_decode plugin
  to only decode the URI
* made mods to detection engine so that we don't get double alerts from a
  packet and a reassembled TCP stream for info that's already been alerted
  on
* tightened alert code for spp_stream4, should squawk less
* added some sanity to plugbase.c
* fixed embedded packet header printouts for ICMP UNREACH encapsulated packets
* beta 10, build 38

* Build 3
* updated man page from Brian Caswell
* http_ignorehosts added from Matt Wachinski
* enhanced some error messages for variable subst. code
* fixed SIGUSR1 stats dump to syslog on Solaris
* PID code now defaults to /var/run->/var/log-><logdir>
* couple other tweaks

* Updated more documentation
* Added Silicon Defenses' IDMEF XML output plugin to the contrib directory

* Touched up the man page to include some recent additions

Some minor fixes. :)

# more tweaks

A bit of fixes in Jed's code (to comply with chrootdir 'policy' :))
Also updated manual page and README files a little bit.

Fixed a typo in the man page.

Initial Import

Initial revision