[Snort-users] Barnyard2 - v2-1.10 is released
jesler at ...1935...
Wed Sep 26 12:28:43 EDT 2012
Oinkmaster and barnyard are two different things.
Oinkmaster updates rules. Barnyard2 processes Snort's output.
On Sep 26, 2012, at 12:26 PM, AllowOverride <allowoverride at ...11827...> wrote:
> Hello Firnsy folks,
> quick question: it's been interesting to see exactly how barnyard
> interacts with snort, and curious why it was chosen over oinkmaster as
> the preferred method. I have noticed that usually if a product is
> incorporated with another, they would have a basic config file that
> mirrors the file paths, rather than it be say manually configed inside
> the conf, or in commandline options when run. So, I wonder if you could
> pass this to the devs and ask if they can try to make it Easier to
> install with the snort source attained from snort.org. I mean, they
> state it's preferred now over oinkmaster, however, it is not a seamless
> install. yes I understand linux/unix FS but for it to be much quicker
> and easier to install with snort would be great! meaning, paths match
> the same as the snort-184.108.40.206 for example version.
> also, there is the same issue with pulledpork. paths are all over the
> place. both snort, and PP, and yes Barnyard2-firnsy the paths can be
> cumbersome to finagle for first or even 2nd time users.
> just a heads up, it's not simple and takes days especially when trying
> to auto script snort, PP, and BY to all work together.
> pass this on to a friend, thanks, pete
> On Tue, 2012-09-25 at 18:54 +1000, firnsy wrote:
>> G'day all,
>> It's my great pleasure to finally announce the next stable release of
>> barnyard2 v2-1.10 build(310).
>> After almost 20 months of development and continuous testing from the
>> community we are happy to get this one out to the masses (without the
>> beta tag).
>> This development cycle has seen a lot of changes, refinements and
>> fixes. This will be the last version built around the old database
>> The next release of barnyard2 will come with new database output that
>> only supports the new schema, native IPv6 support and FULL unified2
>> support for all output plugins.
>> I could go on about the changes, but the wait has been long enough.
>> Here's a summary of the more notable changes:
>> * Additions
>>   - spo_database. Support of encrypted connections to postgresql
>>     is now available. See README.database for the appropriate options.
>>   - spo_sguil. Fixed issue with duplication of alerts.
>>   - Completely re-written database plugin for performance
>>     optimisation against the original DB schema.
>>     NOTE: If you have intentions of running this new version we
>>     highly recommend that you clean two database tables for better
>>     performance: reference and sig_reference (not doing so will not
>>     break anything but could slow the startup caching process).
>>   - New Bro output plugin (thanks to Seth Hall)
>>   - A new syslog plugin (syslog_full) that supports local and remote
>>     TCP and UDP syslog.
>> * Improvements
>>   - Improved support against the latest Unified 2 format. Extended
>>     headers are read, however no plugins use the information currently.
>>   - Improved core IPv6 support.
>>   - Compile under cygwin
>>   - And many, many bugfixes.
>> You can download the source in a number of ways:
>> - https://github.com/firnsy/barnyard2/tags (as a zip/tarball)
>> - git://github.com/firnsy/barnyard2.git (via a git clone)
>> I would like to pay a special thanks to Eric Lauzon (the newest member
>> of the core development team) and the many people who have helped along
>> the road: Russell Fulton, Tim Shelton, JJ Cummings, Michael Steele,
>> Brett Edgar, Bill Parker, Miguel Alvarez, Martin Holste, Jason Haar and
>> any others who I may have missed.
>> - firnsy