Thank you ermal and co.!
-
Just got the snort package 2.5.1 up and running without a hitch! Thank you so much for all your hard work, it seems to be running better than ever (RAM usage is way down)! I felt so naked without my Snort! :)
-
I second this and plan to donate. Thanks Ermal. Now if only you can come up with an improved Traffic Shaping wizard ;-)
-
Thanks ermal, cino and Fesoj.
-
Second that. What they said! 8)
-
Same here - love the new rule category layout! Are shared objects still a no-go for 64 bit?
Already bought a support sub.
-
No they are supported afaik.
There are some tweaks to be done related to detecting that a .so has changed and stop/start snort rather than reload.
But will do that soon. -
The SO rules work in my 2.5.1 - 2.0.1 amd64 installation.
Are the SO rules expected to replace or to complement the related non SO rules with the same name?
-
The shared object rules seem add additional functionality. E.g. the snort_p2p rules are (now) empty, but the associated so rule has support for detecting the WinNY program. When you download the rules, there is a source folder–-so you could actually look at the content of the so rules.