LUPA Open Source Community


Suricata 1.1 final release: network intrusion detection

2011-11-13 17:47 | Posted by: 红黑魂 | Views: 2978 | Comments: 0 | Source: 开源中国

Abstract: Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation (OISF) and the vendors that support it. The engine is multi-threaded, has built-in IPv6 support, can load preset rule sets, and supports the Barnyard and Barnyard2 tools. The main changes in Suricata 1.1 are as follows: ...

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation (OISF) and the vendors that support it. The engine is multi-threaded, has built-in IPv6 support, can load preset rule sets, and supports the Barnyard and Barnyard2 tools.

The main changes in Suricata 1.1 are as follows:

Notable Improvements

    * performance improvements
        – new default pattern matcher
        – multi pattern matcher inspection of HTTP buffers
        – improved running modes
    * accuracy was greatly improved
    * improved logging
        – extended HTTP logging
        – support of stream event logging
    * IPS improvements
        – inline mode for stream engine
        – new keyword and running options for Netfilter based IPS
    * removal of the unified1 output plugins (#353)

New features

    * new keywords ssl_state, ssl_version (#258, #262).
    * support for http_raw_header, http_stat_msg, http_stat_code and http_raw_uri keywords (#259, #260).
    * new keyword support: nfq_set_mark
    * support for suppress keyword was added (#274)
    * byte_extract keyword support was added
    * new default pattern matcher, Aho-Corasick based, that uses much less memory and performs better
    * fast_pattern & multi pattern matching support for HTTP buffers
    * extended HTTP request logging for use with (among other things) http_agent for Sguil (#38)
    * new counters in stats.log for flow and stream engines (#348)
    * AF_PACKET support for high speed packet capture
    * advanced and fine tuning of CPU affinity setting for enhanced multicore performances
    * “replace” keyword support for IPS mode (#303)
    * new “workers” runmode for multi-dev and/or clustered PF_RING, AF_PACKET, pcap
    * added “stream-event” keyword to match on TCP session anomalies
    * Inline mode for the stream engine (#230, #248)
    * Included an example decoder-events.rules file
    * pcap logging / recording output was added
    * basic SCTP protocol parsing was added
    * reference.config support as supplied by ET/ETpro and VRT
    * smtp protocol parser and protocol detection was added
    * better handling of detection for timed out TCP sessions
    * improved protocol detection accuracy with additional support for port based detection
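To show how several of the keywords listed above fit into ordinary rule syntax, here are three example signatures and a matching suppress entry. These are added for illustration and are not part of the announcement or of the Suricata rule sets; the sid values, the `LOCAL` message prefix and the 10.0.0.5 address are constructed.

```suricata
# Example rules added here to illustrate the Suricata 1.1 keywords; not from the release.
# All sids are hypothetical local ids (9000001+) chosen to avoid clashing with vendor rule sets.

# ssl_state / ssl_version: alert when a server completes a handshake offering SSLv3,
# a policy check for servers that should have been configured for TLS only.
alert tls any any -> any any (msg:"LOCAL server hello using SSLv3"; ssl_state:server_hello; ssl_version:sslv3; sid:9000001; rev:1;)

# http_stat_code: inspect the response status code buffer on established flows
# going back to the client, e.g. to count server-side errors for a dashboard.
alert http any any -> any any (msg:"LOCAL HTTP 500 response from web server"; flow:established,to_client; content:"500"; http_stat_code; sid:9000002; rev:1;)

# http_raw_uri: match on the un-normalized URI, so encoded traversal sequences
# that the normalized http_uri buffer would already have decoded remain visible.
alert http any any -> any any (msg:"LOCAL encoded dot-dot in raw URI"; flow:established,to_server; content:"%2e%2e/"; nocase; http_raw_uri; sid:9000003; rev:1;)

# suppress (threshold.config): silence sid 9000002 for one noisy internal host
# (10.0.0.5 is a constructed address) without disabling the rule globally.
suppress gen_id 1, sig_id 9000002, track by_src, ip 10.0.0.5
```

The first three lines belong in a `.rules` file loaded from suricata.yaml; the `suppress` line belongs in threshold.config, not in the rules file.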

Fixes since 1.1rc1

    * CUDA build fixed
    * minor pcap, AF_PACKET and PF_RING fixes (#368)
    * bpf handling fix
    * Windows CYGWIN build
    * more cleanups

For more details about Suricata, or the download link, click here.

