[Snort-users] Snort++ Build 239

Marcin Dulak marcin.dulak at gmail.com
Mon Aug 7 09:29:56 EDT 2017


On Mon, Aug 7, 2017 at 3:18 PM, Russ via Snort-users <
snort-users at lists.snort.org> wrote:

> Not aware of any barnyard2 alternatives.  Maybe Joel has some suggestions.
>
> Since I haven't heard anything from the barnyard2 groups, I've resurrected
> the old unified2 logger as unified2x in the extras.  You will need to build
> and install the extras and use --plugin-path to point to the installed
> plugins and then add unified2x = { } (or however you configure it) to your
> snort.lua.  The existing unified2 logger will only generate newer events so
> you must use unified2x instead.  That should get you back to where you were.
>
>
> On 7/31/17 10:08 AM, Jim Campbell wrote:
>
>> I forgot to ask; Is there a viable alternative to Barnyard2? What do you
>> suggest?
>>
>
You can also try to work with jasonish to get snort support into
https://github.com/jasonish/evebox
Jason is aware of the new buffer type event appearing in snort3:
https://github.com/jasonish/py-idstools/issues/44#issuecomment-290966275

Marcin



>> Jim
>>
>> On 7/31/2017 9:30 AM, Russ wrote:
>>
>>> Snort++ has new record types for u2 output and no longer outputs the
>>> legacy types.  I've contacted the barnyard2 folks to work with them on
>>> updates.
>>>
>>> How are you using barnyard2?  Are you feeding a database?
>>>
>>>
>>