set (VERSION_MAJOR 3)
set (VERSION_MINOR 6)
-set (VERSION_PATCH 2)
+set (VERSION_PATCH 3)
set (VERSION_SUBLEVEL 0)
set (VERSION "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}.${VERSION_SUBLEVEL}")
+2025-02-03: 3.6.3.0
+
+* appid: added check for brute force manager presence
+* dump_config: implement dump config generation in a file
+* extractor: add handling for connector creation failure
+* extractor: support connection logs
+* file: malware and file events when action changed from block malware to cloud malware lookup event
+* file: retrying the packet when file cache is full
+* flow: add command that dumps only flow summaries
+* framework: remove inspector slot and use get_instance_id instead
+* ftp_telnet: only add expected flows when the daq_msg field in the control packet is not null.
+* hosts: added check to verify ip protocol match on hosts lookup
+* main: add thread_id in instance_mapping output file
+* main: acquire TSC time scale at the startup
+* mercury: telemetry file changes for multiprocess snort
+* packet_io: check the DAQ_Msg_h parameter on api calls and return an error code when it is a null pointer
+* perf_monitor: update structure clearing to C++ method
+* perf_monitor: update flow state value reset
+
2025-01-19: 3.6.2.0
* appid: adding thresholds to brute-force detection
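Review bot: the two null-pointer entries ("ftp_telnet: only add expected flows when the daq_msg field in the control packet is not null" and "packet_io: check the DAQ_Msg_h parameter on api calls and return an error code when it is a null pointer") read like crash fixes but do not say whether a null message was reachable from a packet source or only from API misuse; operators decide upgrade urgency from this list, so state which it is. "file: retrying the packet when file cache is full" should also say whether the retry is bounded, otherwise a full cache under load reads as an unbounded reprocessing loop. Lastly, "file: malware and file events when action changed from block malware to cloud malware lookup event" is hard to parse; confirm the intended meaning and reword along the lines of "file: emit malware and file events when the verdict changes from block malware to cloud malware lookup".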
The Snort Team
Revision History
-Revision 3.6.2.0 2025-01-19 22:53:58 EST TST
+Revision 3.6.3.0 2025-02-04 00:09:48 EST TST
---------------------------------------------------------------------
Operation
* implied snort.--enable-test-features: enable features used in
testing
+ * string snort.--gen-dump-config: <file> dump configuration to
+ <file_timestamp> during startup and configuration reload
* implied snort.--gen-msg-map: dump configured rules in gen-msg.map
format for use by other tools
* implied snort.--help: show help overview
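Review bot: the placeholder `<file_timestamp>` in the `--gen-dump-config` description reads as one argument name rather than "the given <file> with a timestamp appended", and the manual text for this option describes the generated name as `dump_output_<timestamp>_<config_gen_id>`; make the help string match the real naming, e.g. `dump configuration to <file>_<timestamp>_<config_gen_id> during startup and configuration reload`, so the option help is consistent with the manual.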
csv | json }
* string extractor.connector: output destination for extractor
* enum extractor.protocols[].service: service to extract from {
- http | ftp }
+ http | ftp | conn }
* int extractor.protocols[].tenant_id = 0: tenant_id of target
tenant { 0:max32 }
* string extractor.protocols[].on_events: specify events to log
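Review bot: with `conn` added to `extractor.protocols[].service`, `extractor.protocols[].on_events` still says only "specify events to log" with no per-service values; the http and ftp events are enumerated in the manual but a reader of the reference gets no hint that conn accepts `eof` while ftp uses `eot`, so a misspelt event name will not be self-explanatory. List the valid events per service here, and if the value is not already validated when the configuration is loaded, consider rejecting unknown event names at that point rather than silently logging nothing.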
Commands:
* stream.dump_flows(): dump the flow table
+ * stream.dump_flows_summary(): dump the flow summaries
Rules:
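Review bot: `stream.dump_flows_summary()` is described only as "dump the flow summaries", which does not tell an operator what a summary contains or how it differs from `stream.dump_flows()`; the ChangeLog calls it a command that "dumps only flow summaries", so say what is omitted (per-flow detail) and what remains, and where the output goes, so that someone choosing it during an incident knows which one to run.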
the version
* --enable-inline-test enable Inline-Test Mode Operation
* --enable-test-features enable features used in testing
+ * --gen-dump-config <file> dump configuration to <file_timestamp>
+ during startup and configuration reload
* --gen-msg-map dump configured rules in gen-msg.map format for use
by other tools
* --help show help overview
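Review bot: `--gen-dump-config <file>` writes a file at startup and again on every configuration reload, but the help does not say whether <file> is taken relative to the working directory or which user creates it; a reload happens while Snort is running under the `-g`/`-u` identity, so a <file> in a directory that was writable only before the privilege drop will be created at startup and not at reload. State the expected permission model, and since the dump reproduces every applied setting, note that the output directory needs the same access controls as snort.lua itself.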
* string extractor.protocols[].fields: specify fields to log
* string extractor.protocols[].on_events: specify events to log
* enum extractor.protocols[].service: service to extract from {
- http | ftp }
+ http | ftp | conn }
* int extractor.protocols[].tenant_id = 0: tenant_id of target
tenant { 0:max32 }
* string file_connector[].connector: connector name
testing
* implied snort.-f: turn off fflush() calls after binary log writes
* int snort.-G: <0xid> (same as --logid) { 0:65535 }
+ * string snort.--gen-dump-config: <file> dump configuration to
+ <file_timestamp> during startup and configuration reload
* implied snort.--gen-msg-map: dump configured rules in gen-msg.map
format for use by other tools
* string snort.-g: <gname> run snort gid as <gname> group (or gid)
* snort.quit(): shutdown and dump-stats
* snort.help(): this output
* stream.dump_flows(): dump the flow table
+ * stream.dump_flows_summary(): dump the flow summaries
* trace.set(modules, constraints, ntuple, timestamp): set modules
traces, constraints, ntuple and timestamp options
* trace.clear(): clear modules traces and constraints
The Snort Team
Revision History
-Revision 3.6.2.0 2025-01-19 22:55:16 EST TST
+Revision 3.6.3.0 2025-02-04 00:10:40 EST TST
---------------------------------------------------------------------
The Snort Team
Revision History
-Revision 3.6.2.0 2025-01-19 22:54:24 EST TST
+Revision 3.6.3.0 2025-02-04 00:10:05 EST TST
---------------------------------------------------------------------
--dump-config-text, --dump-config=all, --dump-config=top. They are
described in detail below.
+The --gen-dump-config <file> option enables Snort to generate a dump
+configuration file with a timestamp and config generation ID during
+startup and reload.
+
The simple configuration is used in examples. The output contains
applied configurations (defaults and configured). To simplify the
output we show a brief list of default options.
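Review bot: "generate a dump configuration file" should read "generate a configuration dump file", and this overview sentence should say the output is the JSON form of --dump-config=all (as the later 5.5.3 section states), since it sits directly under a sentence listing --dump-config-text and a reader could assume the text form is what gets written.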
},
}
+5.5.3. Configuration Dump Generation During Startup and Reload
+
+The --gen-dump-config <file> option dumps configuration in a file in
+JSON format, similar to the --dump-config=all option. It creates a
+file during startup and reload, with the specified name, timestamp
+and config generation ID appended.
+
+Example: snort -c snort.lua --gen-dump-config dump_output
+
+After execution, the "dump_output_<timestamp>_<config_gen_id>" file
+will be generated.
+
5.6. DCE Inspectors
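Review bot: the generated name given here (`dump_output_<timestamp>_<config_gen_id>`) disagrees with the option help, which says `<file_timestamp>`; settle on one and also document the timestamp format and what the config generation ID is, as it is not defined anywhere in this section. Because a new file is written on every reload, say that files accumulate and nothing prunes them, and because the dump holds the full applied configuration, say that the target directory needs the same protection as the configuration it reproduces. "similar to the --dump-config=all option" should also state the differences, if any, rather than leave the reader to diff the two outputs.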
{
{ service = 'http', tenant_id = 1, on_events = 'eot', fields = 'ts, uri, host, method' },
{ service = 'ftp', tenant_id = 1, on_events = 'request', fields = 'ts, command, arg' },
- { service = 'http', tenant_id = 2, on_events = 'eot', fields = 'ts, uri' }
+ { service = 'http', tenant_id = 2, on_events = 'eot', fields = 'ts, uri' },
+ { service = 'conn', tenant_id = 1, on_events = 'eof', fields = 'ts, uid, service' }
}
}
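Review bot: the new conn entry logs `uid`, which does not appear in the "Fields supported for connection" list added to this document (duration, proto, service, orig_pkts, resp_pkts); if `uid` is a common field available to every service it belongs in the common-fields list, otherwise this example will not validate. Also, `ts, uid, service` at end of flow is a sparse connection record; consider showing `duration` and the packet counts too, since those are the fields that distinguish a conn log from the per-service logs above it.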
+ response
+ eot (a session defined by the following commands: APPE, DELE,
RETR, STOR, STOU, ACCT, PORT, PASV, EPRT, EPSV)
+ * connection (conn)
+
+ + eof (end of flow)
Common fields available for every service:
* data_channel.resp_h - IP address of data channel receiving point
* data_channel.resp_p - TCP port of data channel receiving point
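Review bot: the ftp `eot` bullet lists the commands that delimit a session, but the new conn `eof (end of flow)` bullet does not say what ends a flow from the extractor's point of view (FIN/RST teardown, idle timeout, or flow-table pruning under memory pressure); the connection record's duration and packet counts are taken at that moment, so anyone correlating these logs with another source needs to know. The `+ response` line above `eot` also looks like a fragment of the ftp event list split by the hunk; check the rendered list is intact.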
+Fields supported for connection:
+
+ * duration - connection duration in seconds
+ * proto - transport layer protocol of the connection
+ * service - connection’s application protocol
+ * orig_pkts - number of packets originator sent
+ * resp_pkts - number of packets responder sent
+
5.18.3. Example
Adding the following lines to a default snort configuration (which
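Review bot: `proto` should say whether it is logged as the IP protocol number or the transport name (tcp/udp), and `service` should say what is logged when the application protocol has not been identified by end of flow (empty, a placeholder, or the field omitted); both matter to anyone writing detections against these logs. The names mirror Zeek's conn.log (uid, duration, proto, service, orig_pkts, resp_pkts), which is helpful, but then the units and representations should match too or the resemblance misleads. Minor: "connection’s" uses a typographic apostrophe; use ASCII in the source.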