
idstools: Snort and Suricata Rule and Event Utilities in Python (Including a Rule Update Tool)

0.6.5

6 months ago

0.6.4

1 year ago
  • eve2pcap: fix displaying of errors from libpcap
  • eve2pcap: python3 fixes
  • eve2pcap: print number of packets converted on exit
  • rules: fix parsing of rules where the address or port list has a space
  • Commit log: https://github.com/jasonish/py-idstools/compare/0.6.3...0.6.4

0.6.3

6 years ago

0.6.3 - 2017-11-20

  • eve2pcap: fix segfault when calling libpcap functions.
  • rulecat: for Emerging Threat rule URLs, use the Suricata version as found
  • rulecat: default to Suricata 4.0 if it can't be found.
  • rule parser: fix case where rule option does not end in ; and is last option (https://github.com/jasonish/py-idstools/issues/58)

0.6.2

6 years ago

0.6.2 - 2017-08-09

  • rulecat: ignore *deleted.rules by default. Provide --no-ignore option to disable default ignores without having to add a new ignore.
  • rulecat: suppress progress bar if quiet
  • rulecat: fix output filenaming for downloads that are a single rule file
  • rulecat: more python3/unicode fixes
  • rule parser: if metadata is specified more than once, append to the existing metadata list instead of replacing it (https://github.com/jasonish/py-idstools/issues/57)
  • Commit log: https://github.com/jasonish/py-idstools/compare/0.6.1...0.6.2

0.6.1

6 years ago
  • idstools-rulecat: handle zip archive files
  • rules: handle msg with escaped semicolons
  • rulecat: don't generate report summary if it's not going to be logged anyway (https://github.com/jasonish/py-idstools/issues/49)
  • rulecat: Python 3 fixes
  • rules: speed up parsing

Commit log: https://github.com/jasonish/py-idstools/compare/0.6.0...0.6.1

0.6.0

7 years ago

Change log:

  • idstools-u2eve - output packet records
  • idstools-rulecat: allow --local to be specified multiple times
  • idstools-rulecat: --ignore option to ignore filenames
  • More python 3 fixups.
  • unified2 - deprecate event readers, use record readers instead (https://github.com/jasonish/py-idstools/issues/14)
  • u2json: --packet-hex and --printable to print raw buffers as printable chars and hex in addition to base64.
  • u2eve: --packet-printable to include a "packet_printable" field
  • u2eve: include Snort extra-data with printable data.

Commit log: https://github.com/jasonish/py-idstools/compare/0.5.6...0.6.0

0.5.6

7 years ago
  • idstools-rulecat: fix issue parsing Suricata version on Python 3
  • idstools-rulecat: don't convert rules with noalert to drop
  • idstools-rulecat: allow suricata version to be set on the command line (https://github.com/jasonish/py-idstools/issues/38)

Full commit log.

0.5.5

7 years ago

Changes:

  • unified2: fix reading of ipv6 events
  • idstools-u2json: option to sort the keys
  • u2spewfoo: IPv6 printing fixes
  • idstools-rulecat: use ET "enhanced" rules by default
  • idstools-rulecat: suricata inspired colour logging
  • idstools-rulecat: handle URLs ending with query parameters

0.5.4

7 years ago
  • idstools: handle rules with no msg in rule parser
  • idstools-rulecat: support a drop.conf for setting rules to drop
  • idstools-eve2pcap: allow link type to be set on command line
  • unified2: handle large appid buffer in newer versions of Snort.

0.5.3

7 years ago
  • idstools-rulecat: better documentation
  • idstools-rulecat: use ET Pro https URL