Bug 80831 - snort-2.3.0_rc2.ebuild (update)
Bug#: 80831 Product:  Gentoo Linux Version: unspecified Platform: All
OS/Version: All Status: RESOLVED Severity: enhancement Priority: P2
Resolution: FIXED Assigned To: netmon@gentoo.org Reported By: bjhowell@gmail.com
Component: Ebuilds
Summary: snort-2.3.0_rc2.ebuild (update)
Opened: 2005-02-05 00:07 0000
Description:
Hi!
Please find attached snort-2.3.0_rc2.ebuild modified for sguil support.

Patches:
spp_portscan_sguil.patch
spp_stream4_sguil.patch

SGUIL - The Analyst Console for Network Security Monitoring.
The patch for spp_stream4 allows you to configure snort to write session data in a pipe-delimited text file for easy loading by sensor_agent.tcl into the DB. The patch for spp_portscan adds a configuration option to write portscan data to a pipe-delimited file, again for easy loading into the DB. The spp_portscan patch also facilitates the logging of portscan events to log_unified and establishes a 'priority' of 5 for those alerts.

------- Comment #1 From Ben Howell 2005-02-05 00:31:54 0000 -------
Created an attachment (id=50422)
snort-2.3.0_rc2.ebuild modified to apply two SGUIL reporting patches

SGUIL patches are only available for download from sourceforge (and CVS) and
are buried in the source package sguil-sensor-0.5.3.tar.gz. Due to this, the
entire source for sguil-sensor-0.5.3.tar.gz is downloaded (Length: 89,816 kB)
and patches extracted from there.

------- Comment #2 From Aaron Walker (RETIRED) 2005-02-06 05:21:13 0000 -------
Thanks. 2.3.0-r1 is in cvs.