Hi! Please find attached snort-2.3.0_rc2.ebuild modified for sguil support. Patches: spp_portscan_sguil.patch, spp_stream4_sguil.patch. SGUIL - The Analyst Console for Network Security Monitoring. The patch for spp_stream4 allows you to configure snort to write session data in a pipe-delimited text file for easy loading by sensor_agent.tcl into the DB. The patch for spp_portscan adds a configuration option to write portscan data to a pipe-delimited file, again for easy loading into the DB. The spp_portscan patch also facilitates the logging of portscan events to log_unified and establishes a 'priority' of 5 for those alerts.
Created attachment 50422: snort-2.3.0_rc2.ebuild modified to apply two SGUIL reporting patches
SGUIL patches are only available for download from sourceforge (and CVS) and are buried in the source package sguil-sensor-0.5.3.tar.gz. Due to this, the entire source for sguil-sensor-0.5.3.tar.gz is downloaded (Length: 89,816 kB) and patches extracted from there.
Thanks. 2.3.0-r1 is in cvs.