[Snort-users] Snort++ Build 239

Russ rucombs at cisco.com
Mon Aug 7 11:40:25 EDT 2017


Glad you got something working, though it is a step backwards. Snort++ 
can do all that Snort 2.X can do and more, and with better performance.  
The unified2x logger is there if you should decide to upgrade at some point.

On 8/7/17 11:24 AM, Jim Campbell wrote:
> Russ,
>
> There is another way to "get me back to where I was." Since the Snort 
> group had the foresight to install Snort3 with an entirely different 
> directory path than Snort2, I installed the rest of Snort2 (some of it 
> was already there) in the old path. I had to touch up some of the 
> config files but that allowed me to regress to Snort 2.9.9.0 with 
> little pain. I've had Snort2 humming along nicely for the last several 
> days. I'm using Barnyard2, Pulledpork, Apache2 and BASE for the rest 
> of my installation.
>
> Thanks for your help.
>
> Jim
>
> On 8/7/2017 9:18 AM, Russ wrote:
>> Not aware of any barnyard2 alternatives. Maybe Joel has some 
>> suggestions.
>>
>> Since I haven't heard anything from the barnyard2 groups, I've 
>> resurrected the old unified2 logger as unified2x in the extras. You 
>> will need to build and install the extras and use --plugin-path to 
>> point to the installed plugins and then add unified2x = { } (or 
>> however you configure it) to your snort.lua. The existing unified2 
>> logger will only generate newer events so you must use unified2x 
>> instead.  That should get you back to where you were.
>>
>>
>> On 7/31/17 10:08 AM, Jim Campbell wrote:
>>> I forgot to ask: is there a viable alternative to Barnyard2? What do 
>>> you suggest?
>>>
>>> Jim
>>>
>>> On 7/31/2017 9:30 AM, Russ wrote:
>>>> Snort++ has new record types for u2 output and no longer outputs 
>>>> the legacy types.  I've contacted the barnyard2 folks to work with 
>>>> them on updates.
>>>>
>>>> How are you using barnyard2?  Are you feeding a database?
>>>>
>>>
>>
>>
>
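
Added example, not part of the original thread and not Snort or barnyard2 code: a tally of record types in a unified2 stream, to check whether a log holds only the legacy types an existing reader expects. It assumes the unified2 framing of a 4-byte big-endian record type followed by a 4-byte big-endian length, and the legacy type numbers as defined in Snort 2.9's Unified2_common.h; the sample bytes are constructed, and type 9999 is a made-up stand-in for a newer record type.

```python
import io
import struct
from collections import Counter

# Legacy record types (assumption: numbers from Snort 2.9's Unified2_common.h).
LEGACY_TYPES = {
    2: "PACKET",
    7: "IDS_EVENT",
    72: "IDS_EVENT_IPV6",
    104: "IDS_EVENT_VLAN",
    105: "IDS_EVENT_IPV6_VLAN",
    110: "EXTRA_DATA",
}

HEADER = struct.Struct(">II")  # record type, record length (network byte order)


def tally_records(stream):
    """Return (Counter of record types, truncated flag) for a unified2 stream."""
    counts = Counter()
    while True:
        hdr = stream.read(HEADER.size)
        if not hdr:
            return counts, False          # clean end of file
        if len(hdr) < HEADER.size:
            return counts, True           # partial header
        rtype, length = HEADER.unpack(hdr)
        body = stream.read(length)
        if len(body) < length:
            return counts, True           # writer still appending, or file cut short
        counts[rtype] += 1


def non_legacy(counts):
    """Record types a legacy-only reader would not recognise."""
    return {t: n for t, n in counts.items() if t not in LEGACY_TYPES}


def _record(rtype, payload):
    return HEADER.pack(rtype, len(payload)) + payload


# Constructed sample: two legacy records, one unknown type, one truncated record.
SAMPLE = (_record(7, b"\x00" * 52) + _record(2, b"\x00" * 28)
          + _record(9999, b"\x00" * 16) + HEADER.pack(7, 52) + b"\x00" * 10)

if __name__ == "__main__":
    counts, truncated = tally_records(io.BytesIO(SAMPLE))
    for rtype, n in sorted(counts.items()):
        print(rtype, LEGACY_TYPES.get(rtype, "not a legacy type"), n)
    print("truncated tail:", truncated)
```
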