I just pushed out a newer development version of nsm-console out to navi.eight7.org, here are some of the new features:

• Snort module with community rules
  • self-contained snort module will all the community rules and configuration file, this’ll generate alerts into a file after reading the pcap file. I wasn’t sure whether to use community or bleeding edge rules, it’s still easy to point the snort module to your own snort.conf file and do it that way.
• Exec command will do substitution now on the following variables:
  • ${PCAP_FILE}
  • ${PCAP_BASE}
  • ${MODULE_DIR}
  • ${OUTPUT_DIR}
  • This’ll let you do something like “exec tcpdump -X -n -r ${PCAP_FILE}“
  • In addition, exec now logs all the commands run into the regular logfile
• The ‘logfile’ command, real simple, just specifies a new logfile
• Whitespace is handled much much better, there were a lot of bugs with whitespace being handled correctly for the “set” command (among others), it should be handled much better now.
• Category loading now handles non-files much better, before, if you left a “CVS” directory in the categories folder, it would read it but when it went to do a “toggle all”, it would error out, this has been fixed.
• Lots of bugfixes

You can grab the new version here:

http://writequit.org/projects/nsm-console/files/nsm-console-0.3-DEVEL.tar.gz

It’s definitely stable enough for daily use, highly recommended over the older versions. I’m still hoping to get cvs-web interface up to be able to browse the code.