Download List

Project Description

FLoP is designed to gather alerts with payload
from distributed snort sensors on a central server
and to store them in a database (PostgreSQL and
MySQL are supported). On the sensor, the output is
written to a process called sockserv. This process
is threaded: one thread receives and buffers the
alert packets, and the other thread forwards them
to the central server. The output is thus decoupled
from snort, which can keep sniffing instead of
waiting for the output plugins. At the central
server, a process called servsock gathers all
alerts from the remote sensors and feeds them to
the database. A short description of alerts with
high priority, together with the database ID, can
be sent via email to a list of recipients.

System Requirements

System requirement is not defined
Information regarding Project Releases and Project Resources. Note that the information here is a quote from Freecode.com page, and the downloads themselves may not be hosted on OSDN.

2006-06-06 11:22
1.6.0

Several checks were added, the alert data from Snort got a tag, and a restart of Snort is now detected. getpacket now has base64 support. The statistics are now generated via the control thread, so some signals are no longer necessary. The exit handler was rewritten and a cache for signatures was added. This cache can accelerate the insert rate by up to a factor of two and is implemented as a red-black tree. During runtime, the only SELECT statement is for the signature ID; all other operations are INSERT statements. The idea is to cache all signatures that caused an alert.
Tags: Major feature enhancements

2006-02-13 10:13
1.5.1

The interface name can be included. The database
can now be accessed via TCP. The drop and alert
feature can be deactivated. Alerts can be dropped
without writing the information to the drop
socket. A command line option was added to
getpacket to avoid following tagged packets. The
consistency checks for alert packets were
enhanced, and several checks were added. Some bugs
were removed, especially one regarding the sensor
name, in which parts of the previous connected
sensor were appended with a newline.
Tags: Minor feature enhancements

2006-01-16 23:02
1.5.0

A control thread was added so that some parameters can be changed during runtime. The restriction of one snort process per sensor was removed; this also makes it possible to encrypt the communication via stunnel or an SSH tunnel. If the server process is terminated (SIGINT or SIGTERM), all cached alerts are saved in swap files. The new (unofficial) scheme 107 is supported, and the configure script was enhanced. Recreation of pcap files is now possible on 64-bit systems. Some bugs were fixed.
Tags: Major feature enhancements

2005-01-26 23:54
1.4.1

Event_references is now unique across restarts of snort, so that getpacket is able to rebuild only packets of the same tagged session. Additional packet information, such as MAC addresses and vendor information, can be printed out. This release has a -Z option to disable the use of UTC time within the database (the local timezone is used instead). Some minor bugs are fixed, and configure makes some additional checks.
Tags: Minor feature enhancements

2004-10-11 04:02
1.4.0

With a slight extension of the database, it is possible to rebuild a stream of tagged packets with the program getpacket. rules.pl is now able to work with rules without a given priority/classification (this happens mostly with some bleeding snort rules). A lot of minor bugs were fixed; some of these fixes are essential for sensors with a small amount of RAM and for rebuilding large TCP packets within stream4. Log and error messages are improved.
Tags: Major feature enhancements
