[Snort-users] Barnyard2 - v2-1.10 is released

AllowOverride allowoverride at ...11827...
Wed Sep 26 12:26:58 EDT 2012


Hello Firnsy folks,

quick question: it's been interesting to see exactly how barnyard
interacts with snort, and I'm curious why it was chosen over oinkmaster as
the preferred method. I have noticed that usually if a product is
incorporated with another, they would have a basic config file that
mirrors the file paths, rather than it being, say, manually configured inside
the conf, or in command-line options when run. So, I wonder if you could
pass this to the devs and ask if they can try to make it easier to
install with the snort source obtained from snort.org. I mean, they
state it's preferred now over oinkmaster, however, it is not a seamless
install. yes I understand linux/unix FS but for it to be much quicker
and easier to install with snort would be great! meaning, paths match
the same as the snort-2.9.3.1 for example version.

also, there is the same issue with pulledpork. paths are all over the
place. both snort, and PP, and yes Barnyard2-firnsy the paths can be
cumbersome to finagle for first or even 2nd time users. 

just a heads up, it's not simple and takes days especially when trying
to auto script snort, PP, and BY to all work together.

pass this on to a friend, thanks, pete 

On Tue, 2012-09-25 at 18:54 +1000, firnsy wrote:
> G'day all,
> 
> It's my great pleasure to finally announce the next stable release of
> barnyard2 v2-1.10 build(310).
> 
> After almost 20 months of development and continuous testing from the
> community we are happy to get this one out to the masses (without the
> beta tag).
> 
> This development cycle has seen a lot of changes, refinements and
> fixes. This will be the last version built around the old database
> schema.
> 
> The next release of barnyard2 will come with new database output that
> only supports the new schema, native IPv6 support and FULL unified2
> support for all output plugins.
> 
> I could go on about the changes, but the wait has been long enough.
> Here's a summary of the more notable changes:
> 
> * Additions
>   - spo_database. Support of encrypted connections to postgresql
>     is now available. See README.database for the appropriate options.
> 
>   - spo_sguil. Fixed issue with duplication of alerts.
> 
>   - Completely re-written database plugin for performance
>     optimisation against the original DB schema.
> 
>     NOTE: If you have intentions of running this new version we
>     highly recommend you clean two database tables for better
>     performance: reference and sig_reference (not doing so will not
>     break anything but could slow the startup caching process).
> 
>   - New Bro output plugin (thanks to Seth Hall)
> 
>   - A new syslog plugin (syslog_full) that supports local and remote
>     TCP and UDP syslog.
> 
> * Improvements
>   - Improved support against the latest Unified 2 format. Extended
>     headers are read, however no plugins use the information currently.
> 
>   - Improved core IPv6 support.
> 
>   - Compile under cygwin
> 
>   - And many, many bugfixes.
> 
> You can download the source in a number of ways:
>   - https://github.com/firnsy/barnyard2/tags (as a zip/tarball)
>   - git://github.com/firnsy/barnyard2.git (via a git clone)
> 
> I would like to pay a special thanks to Eric Lauzon (the newest member
> of the core development team) and the many people who have helped along
> the road: Russell Fulton, Tim Shelton, JJ Cummings, Michael Steele,
> Brett Edgar, Bill Parker, Miguel Alvarez, Martin Holste, Jason Haar and
> any others who I may have missed.
> 
> Regards,
> - firnsy