[Snort-users] Barnyard2 - v2-1.10 is released
allowoverride at ...11827...
Thu Sep 27 14:04:05 EDT 2012
thanks joel, the point here is, standardization. if snort, the A program
is compiled with paths in the make file here, then all other programs
should follow same paths,
not /usr/local/etc/snort, /usr/local/bin/snort, /usr/bin/snort, /etc/snort, /etc/snort/etc,
so on so forth,
then /etc/snort/lib/snort_dynamic* /usr/local/lib/snort/snort_dynamic*
so on so forth, make them all the same, as everything is under root /
and everything is all over the place, in the pulledpork.pl,
barnyard2.conf, /usr/local/etc/snort/barnyard2.conf, /usr/local/snort/barnyard2.conf, so on so forth,
then on top of all of that, the options to run snort with paths defined
in confs vs paths defined on cmdline.
just make it simple. devs at pulledpork, barnyard, snort should have a
conference call and define the friggen paths. that's my point.
On Wed, 2012-09-26 at 12:28 -0400, Joel Esler wrote:
> Oinkmaster and barnyard are two different things.
> Oinkmaster updates rules. Barnyard2 processes Snort's output.
> On Sep 26, 2012, at 12:26 PM, AllowOverride <allowoverride at ...11827...> wrote:
> > Hello Firnsy folks,
> > quick question: it's been interesting to see exactly how barnyard
> > interacts with snort, and curious why it was chosen over oinkmaster as
> > the preferred method. I have noticed that usually if a product is
> > incorporated with another, they would have a basic config file that
> > mirrors the file paths, rather than it be say manually configed inside
> > the conf, or in commandline options when run. So, I wonder if you could
> > pass this to the devs and ask if they can try to make it Easier to
> > install with the snort source attained from snort.org. I mean, they
> > state it's preferred now over oinkmaster, however, it is not a seamless
> > install. yes I understand linux/unix FS but for it to be much quicker
> > and easier to install with snort would be great! meaning, paths match
> > the same as the snort-220.127.116.11 for example version.
> > also, there is the same issue with pulledpork. paths are all over the
> > place. both snort, and PP, and yes Barnyard2-firnsy the paths can be
> > cumbersome to finagle for first or even 2nd time users.
> > just a heads up, it's not simple and takes days especially when trying
> > to auto script snort, PP, and BY to all work together.
> > pass this on to a friend, thanks, pete
> > On Tue, 2012-09-25 at 18:54 +1000, firnsy wrote:
> >> G'day all,
> >> It's my great pleasure to finally announce the next stable release of
> >> barnyard2 v2-1.10 build(310).
> >> After almost 20 months of development and continuous testing from the
> >> community we are happy to get this one out to the masses (without the
> >> beta tag).
> >> This development cycle has seen a lot of changes, refinements and
> >> fixes. This will be the last version built around the old database
> >> schema.
> >> The next release of barnyard2 will come with new database output that
> >> only supports the new schema, native IPv6 support and FULL unified2
> >> support for all output plugins.
> >> I could go on about the changes, but the wait has been long enough.
> >> Here's a summary of the more notable changes:
> >> * Additions
> >>   - spo_database. Support of encrypted connections to postgresql
> >>     is now available. See README.database for the appropriate options.
> >>   - spo_sguil. Fixed issue with duplication of alerts.
> >>   - Completely re-written database plugin for performance
> >>     optimisation against the original DB schema.
> >>     NOTE: If you have intentions of running this new version we
> >>     highly recommend that you clean two database tables for better
> >>     performance: reference and sig_reference (not doing so will not
> >>     break anything but could slow the startup caching process).
> >>   - New Bro output plugin (thanks to Seth Hall)
> >>   - A new syslog plugin (syslog_full) that supports local and remote
> >>     TCP and UDP syslog.
> >> * Improvements
> >>   - Improved support against the latest Unified 2 format. Extended
> >>     headers are read, however no plugins use the information currently.
> >>   - Improved core IPv6 support.
> >>   - Compile under cygwin
> >>   - And many, many bugfixes.
> >> You can download the source in a number of ways:
> >> - https://github.com/firnsy/barnyard2/tags (as a zip/tarball)
> >> - git://github.com/firnsy/barnyard2.git (via a git clone)
> >> I would like to pay a special thanks to Eric Lauzon (the newest member
> >> of the core development team) and the many people who have helped along
> >> the road: Russell Fulton, Tim Shelton, JJ Cummings, Michael Steele,
> >> Brett Edgar, Bill Parker, Miguel Alvarez, Martin Holste, Jason Haar and
> >> any others who I may have missed.
> >> Regards,
> >> - firnsy