Thanks for everyone's suggestions and contributions, even if we were not
able to include the changes so far.

Changes in SnortSnarf version 111500.1 (from 102700.1)
------------------------------------------------------

+ syslog "last message repreated ..." messages now ignored without complaint
+ Ethernet addresses now parsed more correctly
+ fixed parsing of spp_portscan lines that have a trailing space
+ SISR: for getting the set name from a file, case where it was not found is now handled
+ other minor changes to the code


Changes in SnortSnarf version 102700.1 (from 102600.1)
------------------------------------------------------

+ modified alert parsing to accept latest version of the full alert format
as well as the old version
+ added check to make sure snortsnarf.pl is using correct version of
snort_alert_parse.pl


Changes in SnortSnarf version 102600.1 (from 100400.1)
------------------------------------------------------

+ cleaned up page headers and footers for improved readability; Silicon
Defense logo now present in header (GIF file auto-generated)
+ eliminated need to specially name alert files in different formats; alert
format is now automatically inferred (finally!)
+ generated pages now split across multiple directories to reduce the load
on any one directory [suggestion by Chris Green and Dread Pirate Roberts]
+ added option (-refresh=X) to add HTML that causes generated pages to
reload in your browser every X seconds [suggestion by Dave Schwinn]
+ ./include now searched by snortsnarf.pl (but not any CGIs) for its
includes [contrib by Alvar Freude]
+ added TRIUMF as a DNS lookup option
+ fixed bug where certain pages were referenced as .html even if $html was
set to 'htm' instead
+ new default input file for Windows [contrib by SilverDragon]
+ changes in SISR to better permit labeled set and incident files to be
rolled over
+ SISR: automatic IP and network annotations upon labeled set creation now
includes a link to view the labeled set
+ SISR: fixed bug in earliest_latest_times.pl in finding the latest time


Changes in SnortSnarf version 100400.1 (from 090700.1)
------------------------------------------------------

+ new link on alert pages to run a new CGI script to show an updated list
of alerts as text (if -cgidir option is given)
+ 3 DNS lookup sites now linked to from host pages (sites contrib. by Jim
Forster)
+ added www.snort.org port lookup links to displayed alerts (contrib. by
Mike Biesele)
+ added wrap=yes to TEXTAREAs in SISR and annotations to improve wrapping on
some browsers.
+ for "see also" links, counts of alerts on other page now included
+ now lists number of distinct IPs on alert pages
+ corrected log file naming for Win32 snort (contrib. by silverdragon)
+ nmap2html: improved page heading (contrib. by Sean Boran)
+ nmap log page links now grey colored
+ internal tidying up of record keeping


Changes in SnortSnarf version 090700.1 (from 072700.1)
------------------------------------------------------

+ added special handling of alerts from the Spade anomalous event sensor
including a specialized section of the pages
+ CIDR specification of networks now supported for -homenet
+ for pages listing alerts, a summary of the alert types is now presented at
top of page
+ Geektools now added as an IP lookup option (contrib. by Dr. Paul Mitchell)
+ arachNIDS links are now generated even if IDS### is not at the start of
the alert message
+ added new SISR module set_flags.pl to summarize protocol flags and added
corresponding details to the example config file


Changes in SnortSnarf version 072700.1 (from 062000.1)
------------------------------------------------------

+ added capacity for annotations about networks and pages about IP address
have a link to view/add annotations for their /16 and /24 networks
+ when an alert set is created in SISR, annotations noting this are
automatically added with the source IPs and source networks in the set
  + this is an aid in checking for earlier activity from the same host or
  network;
  + new module to do this included in distr. and added to sisr_modlist
  + new config file parameter (ann-db-loc) documented in README.SISR
+ clearing the output directory now uses Perl routines rather than system
commands and only clears files that look like it created in an earlier run;
this allows people to keep, e.g., .htaccess, files in the directory
+ random access to annotations now available from a form at the bottom of
the main page
+ bug fix: spp_portscan lines now filtered from syslog input files


Changes in SnortSnarf version 062000.1 (from 041700.1)
------------------------------------------------------

+ nmap2html tool included which generates HTML pages from nmap output files;
these can be linked to from the main SnortSnarf pages (-nmap* options)
+ IPAddrContact.pl included to look up contact e-mail addresses for an IP
address using whois databases
+ added SISR as an experimental feature; starting with a SnortSnarf alert
page SISR will let you send custom e-mail reports about an incident
+ snort rules that generate a signature found from snort rules files and
included on that signature's page; included files and relocated file
supported (-rules* options)
+ if an IP address is a source in some alerts and a destination in others, a
link to the other page is generated
+ external whois lookup links now opens a new window unless -onewindow
option is given
+ fixed log links produced for alerts for 'TTL EXCEEDED' packets
+ fixed bug in -homenet argument processing causing it the option not to
work sometimes
+ some minor fixes and improvements to generated HTML
+ now correctly displays newlines added as part of annotations
+ updated documentation


Changes in Snortsnarf version 041700.1 (from 041000.1)
------------------------------------------------------

+ fixed "off by one" bug in long alert listings
+ input files with 'messages' in the name are now treated as being generated
by syslog
+ added "-g group" option to fix_perms.pl to change the file and directory
group to the given group and change the permission to group readable
+ added "-g group" option to setup_anns_dir.pl to set the group of the
created files and directory to the given group and set the permission to
group writable
+ scattered changes to the documentation


Changes in Snortsnarf version 041000.1 (from 031800.1)
------------------------------------------------------

+ added support for -Afast and syslog'ed snort alerts
+ added linking to the appropriate snort log file from alerts on snortsnarf
pages (-ldir option)
+ added support for recording and viewing of notes about IP addresses and
snort messages, allowing you to build up a knowledge base (stored in an
external XML file, accessed by included CGI scripts) (-db option)
+ added optional use of rotating color background for alert listings -- the
color changes if the source, dest, or alert message changed from the
previous; helpful in looking over long listings (-color option)
+ long listings of alerts (sometimes slow to load) now split into segments on
different pages, once a specified threshold is reached (-split option)
+ added more internal links in the generated pages -- from displayed alerts
to source and destination IP address pages and to the page for a certain
snort message
+ added ability specifying the name of the output directory (-d option)
+ improved some of the HTML generated
+ now released under GNU General Public License
