Release Notes: This release is capable of utilizing all CPUs/cores. This means it can digest, parse, and analyze even higher number of events per/second. Introduction of "processors". Removal of the direct SQL output plugin; to write to a SQL database, use unified2 and Barnyard2. Introduction of port variables in rules. More normalization and parsing options. Sagan currently has over five thousand signatures/rules.
Release Notes: This release support Snortsam, a firewall blocking agent for Snort. It can leverage Snortsam to block attacks based on log analysis and normalization. Snortsam currently supports Checkpoint Firewall-1, Cisco PIX/ASA, Cisco routers, Juniper/Netscreen, ipf/ipfw2 (FreeBSD), pf (OpenBSD), ipchains/iptables/ebtables (Linux), Watchguard, 8signs (Windows), and MS ISA Server (Windows). This release adds a new "after" rule option, a new DNS cache system (which shouldn't be used unless 100% necessary), Direct SQL write fixes, and various small bugfixes.