is moved over.
New to 1.8.1
* SNMP Alerts
* IDMEF XML output
* Limited wildcard regex support
* New normalization mode for http_decode
* many bug fixes
From Changelog:
* added new IP defragmenter, spp_frag2
* added new stateful inspection/tcp stream reassembly plugin, spp_stream4
* Snort can now statefully detect ECN traffic (less false alarms)
* stream4 can now keep session statistics in a "session.log" file
* added new high-speed unified binary output system, spo_unified
* added new data structs/management for tag code
* added -k switch to tune checksum verification behavior
* added -z switch to provide stateful verification of alerts
* modified bahavior of http_decode, now only alerts once per packet
* added unique Snort ID's to every Snort rule, plus generator, revision
and event ID info to each alert
* detection engine only alerts once per packet now, tcp stream code doesn't
generate another alert packet if a previous one already alerted for that
stream
* fixed signal handling on svr4 systems
* added enhanced cross reference printout to full/fast/syslog alert modes
* added new high speed checksum verification (on x86) routines
* added new ARP spoof detection preprocessor from Jeff
Nathan <jeff@wwti.com>
changes by me:
- add HOMEPAGE to DESCR
- remove license type
- add SEPARATE_BUILD option
- remove unnecessary re-installation of man page durring post-install
- move message from post-install to pkg/MESSAGE
Thoroughly unsubtle, most mkdir -p should probably be INSTALL* at
*install stage, and echo/ECHO_MSG is somewhat unsorted.
It's quite possible I missed a few automated changes...