Prelude Reporting Patch For Snort
=================================

This distribution conatrains a set of pacthes for multiple versions of Snort
allowing the use of Snort as a Prelude IDS sensor. 

The diffs are named as snort-x.x.x-prelude.diff , where x.x.x is the version
of snort the patch is intended to use with. 

Autoconf 2.53 or later is required for building the patched Snort.


Usage
-----

1. Get the Snort source tarball from http://www.snort.org/ .

2. Unpack the tarball, and cd to created directory.

3. Apply the patch with matching version number:

	patch -p0 < /path/to/patch/snort-x.x.x-prelude.diff

   where x.x.x is the version name of the Snort tarball. 

4. Execute the autogen.sh script:

	sh ./autogen.sh

   (note: you must have autoconf 2.53 or newer)/

5. Build and install patched Snort with standard command sequence:

	./configure && make && make install

6. See README.Prelude in Snort source tree main directory for detailed
   usage information. 

Revision history:
-----------------

2003-10-05	Version 0.2.5, for Snort 2.0.0 - 2.0.2
		Thanks to Serhii Hlodin <hlodin@altlinux.ru>
		for Snort 2.0.2 support. 

2003-05-09      Version 0.2.4, for Snort 2.0 and 2.0.1
                Fixed handling of alert.impact.*

2003-05-27      Version 0.2.3, for Snort 2.0
                Added support for Detection Time object. 

2003-04-20	Version 0.2.2, for Snort 2.0
		Fixed memory leaks.
		Added support for packet dumps, IP and TCP options. 
		Modified #ifdefs, so Snort compiles cleanly
		with Prelude support disabled. 
		
		Patches for Snort < 2.0.0 are no longer maintained and
		have been removed from the archive.

2003-04-16	Included patch for Snort version 2.0.0.
		Fixed a bug in handling of 'completion' field
		in patches for Snort 1.9.1 and 2.0.0.

2003-04-07	Included patch for Snort version 1.9.1.

2002-08-09	Initial release: patch version 0.1 for Snort 1.8.6 and
		1.8.7.

- Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl>
