[Snort-users] Barnyard2 - v2-1.10 is released

Joel Esler jesler at ...1935...
Wed Sep 26 12:28:43 EDT 2012

Oinkmaster and barnyard are two different things.

Oinkmaster updates rules.  Barnyard2 processes Snort's output.

On Sep 26, 2012, at 12:26 PM, AllowOverride <allowoverride at ...11827...> wrote:

> Hello Firnsy folks,
> quick question: it's been interesting to exactly how interact barnyard
> interacts with snort, and curious why it was chosen over oinkmaster as
> the preferred method. I have noticed that usually if a product is
> incorporated with another, they would have a basic config file that
> mirrors the file paths, rather than it be say manually configed inside
> the conf, or in commandline options when run. So, I wonder if you could
> pass this to the devs and ask if they can try to make it Easier to
> install with the snort source attained from snort.org. I mean, they
> state its preferred now over oinkmaster, however, it its not a seemless
> install. yes I understand linux/unix FS but for it to be much quicker
> and easier to install with snort would be great! meaning, paths match
> the same as the snort- for example version.
> also, there is the same issue with pulledpork. paths are all over the
> place. both snort, and PP, and yes Barnyard2-firnsy the paths can be
> cumbersome to finagle for first or even 2nd time users. 
> just a heads up, it's not simple and takes days especially when trying
> to auto script snort, PP, and BY to all work together.
> pass this on to a friend, thanks, pete 
> On Tue, 2012-09-25 at 18:54 +1000, firnsy wrote:
>> G'day all,
>> It's my great pleasure to finally announce the next stable release of
>> barnyard2 v2-1.10 build(310).
>> After almost 20 months of development and continuous testing from the
>> community we are happy to get this one out to the masses (without the
>> beta tag).
>> This development cycle has seen a lot of changes, refinements and
>> fixes. This will be the last version build arround the old database
>> schema.
>> The next release of barnyard2 will come with new database output that
>> only support the new schema, native IPv6 support and FULL unified2
>> support for all output plugin.
>> I could go on about the changes, but the wait has been long enough.
>> Here's a summary of the more notable changes:
>> * Additions
>>  - spo_database. Support of encrypted connections to postgresql
>>    is now available. See README.database for the appropriate options.
>>  - spo_sguil. Fixed issue with duplication of alerts.
>>  - Completely re-written database plugin for performance
>>    optimisation against the original DB schema.
>>    NOTE: If you have intentions of running this new version we
>>    highly recommended you to clean two databases table for better
>>    performance: reference and sig_reference, not doing so will not
>>    break anything but could slow the startup caching process).
>>  - New Bro output plugin (thanks to Seth Hall)
>>  - A new syslog plugin (syslog_full) that support local and remote
>>    TCP and UDP syslog.
>> * Improvements
>>  - Improved support against the latest Unified 2 format. Extended
>>    headers are read, however no plugins use the information currently.
>>  - Improved core IPv6 support.
>>  - Compile under cygwin
>>  - And many, many bugfixes.
>> You can download the source in a number of ways:
>>  - https://github.com/firnsy/barnyard2/tags (as a zip/tarball)
>>  - git://github.com/firnsy/barnyard2.git (via a git clone)
>> I would like to pay a special thanks to Eric Lauzon (the newest member
>> of the core development team) and the many people who have helped along
>> the road: Russell Fulton, Tim Shelton, JJ Cummings. Michael Steele,
>> Brett Edgar, Bill Parker, Miguel Alvarez, Martin Holste, Jason Haar and
>> any others who I may have missed.
>> Regards,
>> - firnsy
>> ------------------------------------------------------------------------------
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and 
>> threat landscape has changed and how IT managers can respond. Discussions 
>> will include endpoint security, mobile security and the latest in malware 
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>> Please visit http://blog.snort.org to stay current on all the latest Snort news!

More information about the Snort-users mailing list