[Snort-users] Barnyard2 - v2-1.10 is released

Joel Esler jesler at ...1935...
Thu Sep 27 19:09:08 EDT 2012

We put our applications and libraries in the proper standard locations.  I'm not sure how barnyard2 functions, and pulledpork is a perl script (so it can be placed wherever is my point).

But as far as all of us getting together, I tend to think that between all the projects we do a pretty good job of communicating.  But we certainly have room for growth.


Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager

On Sep 27, 2012, at 2:04 PM, AllowOverride <allowoverride at ...11827...> wrote:

> thanks joel, the point here is, standardization. if snort, the A program
> is compiled with paths in the make file here, then all other programs
> should follow same paths,
> not /usr/local/etc/snort, /usr/local/bin/snort, /usr/bin/snort, /etc/snort, /etc/snort/etc,
> so on so forth,
> then /etc/snort/lib/snort_dynmaic* /usr/local/lib/snort/snort_dynamic*
> so on so forth,, make them all the same, as everything is under root /
> and everything is all over the place, in the pulledpork.pl,
> pulledpork.conf, the
> barynard2.conf, /usr/local/etc/snort/barnyard2.conf, /usr/local/snort/barnyard2.conf, so on so forth, 
> then on top of all of that, the options to run snort with paths defined
> in confs vs paths defined on cmdline.
> just make it simple. devs at pulledpork barynard, snort should have a
> conference call and define the friggen paths. thats my point.
> thanks
> On Wed, 2012-09-26 at 12:28 -0400, Joel Esler wrote:
>> Oinkmaster and barnyard are two different things.
>> Oinkmaster updates rules.  Barnyard2 processes Snort's output.
>> On Sep 26, 2012, at 12:26 PM, AllowOverride <allowoverride at ...11827...> wrote:
>>> Hello Firnsy folks,
>>> quick question: it's been interesting to exactly how interact barnyard
>>> interacts with snort, and curious why it was chosen over oinkmaster as
>>> the preferred method. I have noticed that usually if a product is
>>> incorporated with another, they would have a basic config file that
>>> mirrors the file paths, rather than it be say manually configed inside
>>> the conf, or in commandline options when run. So, I wonder if you could
>>> pass this to the devs and ask if they can try to make it Easier to
>>> install with the snort source attained from snort.org. I mean, they
>>> state its preferred now over oinkmaster, however, it its not a seemless
>>> install. yes I understand linux/unix FS but for it to be much quicker
>>> and easier to install with snort would be great! meaning, paths match
>>> the same as the snort- for example version.
>>> also, there is the same issue with pulledpork. paths are all over the
>>> place. both snort, and PP, and yes Barnyard2-firnsy the paths can be
>>> cumbersome to finagle for first or even 2nd time users. 
>>> just a heads up, it's not simple and takes days especially when trying
>>> to auto script snort, PP, and BY to all work together.
>>> pass this on to a friend, thanks, pete 
>>> On Tue, 2012-09-25 at 18:54 +1000, firnsy wrote:
>>>> G'day all,
>>>> It's my great pleasure to finally announce the next stable release of
>>>> barnyard2 v2-1.10 build(310).
>>>> After almost 20 months of development and continuous testing from the
>>>> community we are happy to get this one out to the masses (without the
>>>> beta tag).
>>>> This development cycle has seen a lot of changes, refinements and
>>>> fixes. This will be the last version build arround the old database
>>>> schema.
>>>> The next release of barnyard2 will come with new database output that
>>>> only support the new schema, native IPv6 support and FULL unified2
>>>> support for all output plugin.
>>>> I could go on about the changes, but the wait has been long enough.
>>>> Here's a summary of the more notable changes:
>>>> * Additions
>>>> - spo_database. Support of encrypted connections to postgresql
>>>>   is now available. See README.database for the appropriate options.
>>>> - spo_sguil. Fixed issue with duplication of alerts.
>>>> - Completely re-written database plugin for performance
>>>>   optimisation against the original DB schema.
>>>>   NOTE: If you have intentions of running this new version we
>>>>   highly recommended you to clean two databases table for better
>>>>   performance: reference and sig_reference, not doing so will not
>>>>   break anything but could slow the startup caching process).
>>>> - New Bro output plugin (thanks to Seth Hall)
>>>> - A new syslog plugin (syslog_full) that support local and remote
>>>>   TCP and UDP syslog.
>>>> * Improvements
>>>> - Improved support against the latest Unified 2 format. Extended
>>>>   headers are read, however no plugins use the information currently.
>>>> - Improved core IPv6 support.
>>>> - Compile under cygwin
>>>> - And many, many bugfixes.
>>>> You can download the source in a number of ways:
>>>> - https://github.com/firnsy/barnyard2/tags (as a zip/tarball)
>>>> - git://github.com/firnsy/barnyard2.git (via a git clone)
>>>> I would like to pay a special thanks to Eric Lauzon (the newest member
>>>> of the core development team) and the many people who have helped along
>>>> the road: Russell Fulton, Tim Shelton, JJ Cummings. Michael Steele,
>>>> Brett Edgar, Bill Parker, Miguel Alvarez, Martin Holste, Jason Haar and
>>>> any others who I may have missed.
>>>> Regards,
>>>> - firnsy
>>>> ------------------------------------------------------------------------------
>>>> Live Security Virtual Conference
>>>> Exclusive live event will cover all the ways today's security and 
>>>> threat landscape has changed and how IT managers can respond. Discussions 
>>>> will include endpoint security, mobile security and the latest in malware 
>>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>>> _______________________________________________
>>>> Snort-users mailing list
>>>> Snort-users at lists.sourceforge.net
>>>> Go to this URL to change user options or unsubscribe:
>>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>>> Snort-users list archive:
>>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>>> Please visit http://blog.snort.org to stay current on all the latest Snort news!

More information about the Snort-users mailing list