[Snort-users] Snort++ Build 239

Russ rucombs at cisco.com
Mon Aug 7 09:18:28 EDT 2017


Not aware of any barnyard2 alternatives.  Maybe Joel has some suggestions.

Since I haven't heard anything from the barnyard2 groups, I've 
resurrected the old unified2 logger as unified2x in the extras.  You 
will need to build and install the extras and use --plugin-path to point 
to the installed plugins and then add unified2x = { } (or however you 
configure it) to your snort.lua.  The existing unified2 logger will only 
generate newer events so you must use unified2x instead.  That should 
get you back to where you were.


On 7/31/17 10:08 AM, Jim Campbell wrote:
> I forgot to ask; Is there a viable alternative to Barnyard2? What do 
> you suggest?
>
> Jim
>
> On 7/31/2017 9:30 AM, Russ wrote:
>> Snort++ has new record types for u2 output and no longer outputs the 
>> legacy types.  I've contacted the barnyard2 folks to work with them 
>> on updates.
>>
>> How are you using barnyard2?  Are you feeding a database?
>>
>




More information about the Snort-users mailing list