From: Thomas B. <th...@no...> - 2009-08-13 07:34:44
Hi,

the attached patch and spec file were used to build the libidmef 1.0.2 package in openSUSE Factory. JFYI

The patch for the parser was needed to remove the exit(2) call which shouldn't occur in a library. Error handling should be done by the calling application.

Bye
Thomas

--
Thomas Biege <th...@no...>, SUSE LINUX, Security Support & Auditing
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
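The point made in the message above, as an added example (not part of the attached patch, the spec file or libidmef itself): a parsing routine that reports malformed input through a return status and leaves the reaction to the calling application. The `idp_*` names, the status codes and the sample messages are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical status codes for this example; not libidmef's API. */
typedef enum { IDP_OK, IDP_EINVAL, IDP_ENOELEM, IDP_EMALFORMED, IDP_ETOOLONG } idp_status;
/* Copy the ident attribute of the first <Alert ...> start tag into out. A small
 * scanner, not an XML parser: failures are returned, never exit()ed on. */
idp_status idp_alert_ident(const char *msg, char *out, size_t outlen)
{
    if (msg == NULL || out == NULL || outlen == 0) return IDP_EINVAL;
    out[0] = '\0';
    const char *tag = strstr(msg, "<Alert");
    if (tag == NULL) return IDP_ENOELEM;
    const char *tag_end = strchr(tag, '>');
    if (tag_end == NULL) return IDP_EMALFORMED;      /* start tag never closed */
    const char *attr = strstr(tag, "ident=\"");
    if (attr == NULL || attr > tag_end) return IDP_ENOELEM;  /* no ident in tag */
    const char *val = attr + strlen("ident=\"");
    const char *quote = strchr(val, '"');
    if (quote == NULL || quote > tag_end) return IDP_EMALFORMED; /* open value */
    size_t len = (size_t)(quote - val);
    if (len >= outlen) return IDP_ETOOLONG;          /* refuse silent truncation */
    memcpy(out, val, len);
    out[len] = '\0';
    return IDP_OK;
}
/* The calling application decides what a failure means: log, count, go on. */
int process_feed(const char *const *msgs, size_t n, size_t *rejected)
{
    char ident[32];
    int accepted = 0;
    *rejected = 0;
    for (size_t i = 0; i < n; i++) {
        idp_status st = idp_alert_ident(msgs[i], ident, sizeof ident);
        if (st == IDP_OK) { accepted++; continue; }
        (*rejected)++;
        fprintf(stderr, "message %zu rejected, status %d\n", i, (int)st);
    }
    return accepted;
}

int main(void)
{
    /* Constructed sample feed: one valid alert, one truncated, one non-alert. */
    const char *const feed[] = { "<Alert ident=\"a-42\"></Alert>", "<Alert ident=\"a-43", "<Heartbeat/>" };
    size_t rejected;
    int ok = process_feed(feed, 3, &rejected);
    printf("accepted=%d rejected=%zu\n", ok, rejected);
    return 0;
}
```

A daemon built on a routine like this keeps running when one sensor sends a truncated message; had the routine called exit(), the same input would have stopped the whole process.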
From: Adam C. M. <ad...@mi...> - 2004-07-15 04:00:27
All,

libidmef-0.7.3_beta-6 is available for download via:

http://people.migus.org/~adam/downloads.xml

or SourceFORGE. There's Redhat/Fedora RPMS as well as the source tar.bz2 file.

Please direct any issues to the mailing list.

Thanks,

--
Adam C. Migus -- http://people.migus.org/~adam/
From: Adam C. M. <ad...@mi...> - 2004-04-16 22:20:06
All,

As the subject indicates, libidmef-0.7.3_beta-4 is available for download via:

http://people.migus.org/~adam/downloads.xml

or SourceFORGE. There's Redhat/Fedora and Mandrake RPMS as well as the source tar.bz2 file. See the ChangeLog and CVS logs for details.

I've now tested 0.7.3 on Linux (Fedora/Mandrake) and FreeBSD. If I can find a Solaris and OpenBSD box to test it on I'm gonna roll the release for 0.7.3 and start working on 1.0.0 more aggressively. If anyone has an OpenBSD and/or Solaris box and can verify that it works, let me know.

Please note there are also (incomplete, undocumented) 1.0.0-alpha-2 downloads available. Don't confuse them...

Thanks,

--
Adam C. Migus -- http://people.migus.org/~adam/
From: M.R.Rieback <M.R...@IT...> - 2003-04-05 12:41:31
Hello..

My name is Melanie Rieback, and I'm a grad student that is currently integrating IDMEF capabilities into an IDS correlation system that I've been creating for my Masters thesis.

I've been busy writing a C++ wrapper program for libidmef, to provide a suitable object-oriented interface that my C++ based program can use. In the process of working on this, I have the following comment about libidmef:

In the file idmefxml_types.h (on line 343), in the struct definition of _IDMEFanalyzer, one of the member declarations is a char * called 'class'. While this name literally matches the IDMEF DTD, it causes some unfortunate problems while integrating with a larger C++ program, since it's obviously a reserved word in C++.

I've tried using all kinds of macros, define "C" blocks, and creative linking to solve this program, but unfortunately the second that I attach the file idmefxml_parse.h in any way shape or form to my C++ code, it dies on this error.

Would it be possible to use the variable name 'analyzer_class' in the IDMEFanalyzer struct instead? I'm also open to any comments on how I can integrate this structure in a C++ program, despite the fact that it's called 'class'.

Thanks in advance,

Melanie Rieback
Technical University of Delft
From: Joe M. <jo...@Si...> - 2002-05-15 19:57:49
Hello Marko, That does indeed look correct. Thanks for the bug report. I will make those changes by tomorrow. Thanks, -Joe M. -- Joe McAlerney Silicon Defense: IDS Solutions Marko Jahnke wrote: > > Joey, > > since I changed to the 0.7.1 release of the above library > (primarily to get rid of the libntp), my purify tool indicated some > potential memory leaks. > > Is it possible that a few xmlFree() calls are missing after using > timeValToDatetime() and timevalToNtpTimestamp() as shown in the > following diff? > > --- idmefxml.c.orig Wed May 15 14:28:30 2002 > +++ idmefxml.c Wed May 15 14:29:48 2002 > @@ -1360,7 +1360,10 @@ > /* Set the ntpstamp attribute, and DATETIME value */ > > xmlSetProp(cur, "ntpstamp", ntpstamp); > + xmlFree(ntpstamp); > + > xmlNodeSetContent(cur, datetime); > + xmlFree(datetime); > > return(cur); > } > @@ -1410,8 +1413,11 @@ > > /* Set the ntpstamp attribute, and DATETIME value */ > > - xmlSetProp(cur, "ntpstamp", ntpstamp); > - xmlNodeSetContent(cur, datetime); > + xmlSetProp(cur, "ntpstamp", ntpstamp); > + xmlFree(ntpstamp); > + > + xmlNodeSetContent(cur, datetime); > + xmlFree(datetime); > > return(cur); > } > > Regards, > Marko > > -- > Marko Jahnke <ja...@fg...> > FGAN - Research Establishment for Applied Science > FKIE.KOM - Computer Networks > Wachtberg, Germany > Fon +49 228 9435 449 Fax +49 228 9435 685 |
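Review bot: in the first hunk (@@ -1360,7 +1360,10 @@) the new xmlFree(ntpstamp) and xmlFree(datetime) calls cover only the path that reaches return(cur); the visible lines do not show whether the function can return earlier, after the two strings have been allocated. If it can, that path still leaks, so it is worth checking the top of the function and freeing both strings on every exit. A one-line comment that xmlSetProp() and xmlNodeSetContent() copy their arguments would also help, since that copy is what makes freeing immediately afterwards safe.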
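Review bot: in the second hunk (@@ -1410,8 +1413,11 @@) the existing xmlSetProp(cur, "ntpstamp", ntpstamp); and xmlNodeSetContent(cur, datetime); lines are removed and re-added with identical text, which points to a whitespace-only change mixed into the leak fix. Keeping the original indentation, so that the hunk only adds the two xmlFree() lines as the first hunk does, would make the fix easier to review and to carry to other branches. It is also worth confirming that timeValToDatetime() and timevalToNtpTimestamp() allocate their results through libxml2's allocator, so that xmlFree() is the matching deallocator.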
From: Joe M. <jo...@Si...> - 2002-04-02 19:08:30
It's probably worthwhile to post this for those of you not on the focus-ids list. There is an interesting discussion taking place that has branched into representing security events. There are a number of opinions about XML-based representations and IDMEF in general.

It starts here. You should view the thread index for the remainder of the discussion.

http://online.securityfocus.com/archive/96/264481

It is also discussed in this thread.

http://online.securityfocus.com/archive/96/264967

Some very interesting points are brought up that bring both design and implementation challenges.

-Joe M.

--
Joe McAlerney
Silicon Defense: IDS Solutions
From: Joe M. <jo...@Si...> - 2002-03-12 23:14:55
Hi David,

The IDMEF plugin for Snort is not compatible with the latest IDMEF. We're working on getting it up to date. You should use libidmef 0.6.3 for the time being.

That aside, the errors you posted are coming from libidmef's configure correct? What operating system are you using? Also, I noticed that you are using --with-libxml2-libraries twice. Did you mean --with-libxml2-includes for the first one? Can you confirm that libxml2.so exists in /usr2/local/libxml2-2.4.17/lib and points to libxml2.so.2.4.17?

Thanks,

-Joe

--
Joe McAlerney
Software Developer / Security Consultant
jo...@Si...
Silicon Defense: IDS Solutions -=- http://www.silicondefense.com/

da...@by... wrote:
>
> Dear Sir:
> I am using libxml2-2.4.17+libidmef-0.7.1 as an xml plug-in for snort 1.8.3. When I run the command:
>
> ./configure --with-libxml2-libraries=/usr2/local/libxml2-2.4.17/include/libxml2 --with-libxml2-libraries=/usr2/local/libxml2-2.4.17/lib
>
> I have got an error as below:
>
> ./configure: -L ${/usr/local/lib} ${LDFLAGS}: bad substitution
> checking for libxml libraries >= ...configure: error: Could not find libxml2 anywhere...
>
> Please note: I have installed libxml2-2.4.17 before running the 'configure' script and it can find the libxml2 include files. I doubted that the 'configure' has an error at line:
>
> LDFLAGS="-L ${LIBVAL} ${LDFLAGS}".
>
> Please reply to me. Thanks a lot!
>
> David Lum
> Mar 12
From: <da...@by...> - 2002-03-12 08:51:45
From: Joe M. <jo...@Si...> - 2002-03-09 02:58:05
The libidmef development team is pleased to announce the release of libidmef 0.7.1. This release is compliant with version 0.7 of the IDMEF specification. Notable changes include:

+ Addition of IDMEF parsing and c struct -> xml generation code (courtesy of NAI)
+ Removal of the libntp dependency
+ Additional cross platform compatibility
+ IDMEF version 0.7 compliance

We have also moved the source tree to SourceForge, and have created two mailing lists to better serve user and developer needs. You can visit the project homepage for more information.

I'd also like to point out that we have added a few new members to the team, and expect to pick up the development pace in the months to come. Thank you to all who have contributed to the project already.

Project Homepage: http://www.silicondefense.com/idwg/libidmef/
SourceForge Info: http://sourceforge.net/projects/libidmef/
Direct Download: http://www.silicondefense.com/idwg/libidmef/libidmef-0.7.1.tar.gz

Kind Regards,

Joe McAlerney (jo...@si...)
Adam Migus (am...@ti...)