Development version of nsm-console (0.3-DEVEL)

Tue, 01 Jan 2008 20:09:59 +0000

I just pushed a newer development version of nsm-console out to navi.eight7.org. Here are some of the new features:

  • Snort module with community rules
    • Self-contained snort module with all the community rules and a configuration file; this’ll generate alerts into a file after reading the pcap file. I wasn’t sure whether to use community or bleeding edge rules, but it’s still easy to point the snort module to your own snort.conf file and do it that way.
  • Exec command will do substitution now on the following variables:
    • ${PCAP_FILE}
    • ${PCAP_BASE}
    • ${MODULE_DIR}
    • ${OUTPUT_DIR}
    • This’ll let you do something like “exec tcpdump -X -n -r ${PCAP_FILE}”
    • In addition, exec now logs all the commands it runs into the regular logfile
  • The ‘logfile’ command, real simple, just specifies a new logfile
  • Whitespace is handled much, much better. There were a lot of bugs with whitespace not being handled correctly for the “set” command (among others); it should be handled much better now.
  • Category loading now handles non-files much better. Before, if you left a “CVS” directory in the categories folder, it would read it, but when it went to do a “toggle all”, it would error out. This has been fixed.
  • Lots of bugfixes :)

You can grab the new version here:

http://writequit.org/projects/nsm-console/files/nsm-console-0.3-DEVEL.tar.gz

It’s definitely stable enough for daily use and highly recommended over the older versions. I’m still hoping to get a cvs-web interface up to be able to browse the code.
