[Snort-users] Snort++ Build 239

Jim Campbell jim at w4bqp.net
Mon Aug 7 11:53:35 EDT 2017


Now that I have a running (though back-level) IPS I'll play with getting 
the unified2x logger working. For clarification, does this mean that I 
can use Snort++ and the unified2x logger will output records 
understandable by Barnyard2?

On 8/7/2017 11:40 AM, Russ wrote:
> Glad you got something working, though it is a step backwards. Snort++ 
> can do all that Snort 2.X can do and more, and with better 
> performance.  The unified2x logger is there if you should decide to 
> upgrade at some point.
>
> On 8/7/17 11:24 AM, Jim Campbell wrote:
>> Russ,
>>
>> There is another way to "get me back to where I was." Since the Snort 
>> group had the foresight to install Snort3 with an entirely different 
>> directory path than Snort2, I installed the rest of Snort2 (some of 
>> it was already there) in the old path. I had to touch up some of the 
>> config files but that allowed me to regress to Snort 2.9.9.0 with 
>> little pain. I've had Snort2 humming along nicely for the last 
>> several days. I'm using Barnyard2, Pulledpork, Apache2 and BASE for 
>> the rest of my installation.
>>
>> Thanks for your help.
>>
>> Jim
>>
>> On 8/7/2017 9:18 AM, Russ wrote:
>>> Not aware of any barnyard2 alternatives. Maybe Joel has some 
>>> suggestions.
>>>
>>> Since I haven't heard anything from the barnyard2 groups, I've 
>>> resurrected the old unified2 logger as unified2x in the extras. You 
>>> will need to build and install the extras and use --plugin-path to 
>>> point to the installed plugins and then add unified2x = { } (or 
>>> however you configure it) to your snort.lua. The existing unified2 
>>> logger will only generate newer events so you must use unified2x 
>>> instead.  That should get you back to where you were.
>>>
>>>
>>> On 7/31/17 10:08 AM, Jim Campbell wrote:
>>>> I forgot to ask; Is there a viable alternative to Barnyard2? What 
>>>> do you suggest?
>>>>
>>>> Jim
>>>>
>>>> On 7/31/2017 9:30 AM, Russ wrote:
>>>>> Snort++ has new record types for u2 output and no longer outputs 
>>>>> the legacy types.  I've contacted the barnyard2 folks to work with 
>>>>> them on updates.
>>>>>
>>>>> How are you using barnyard2?  Are you feeding a database?
>>>>>
>>>>
>>>
>>>
>>
>
>
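The procedure Russ describes above (build and install the extras, point Snort at them with --plugin-path, add unified2x to snort.lua) written out as an added example; it is not code from the thread or from the Snort project. The install prefix, plugin directory, log directory, rotation limit and interface name are assumptions, and the option names inside the unified2x table are assumed to match the old unified2 module that was resurrected. Confirm them with `snort --help-module unified2x` before relying on them.

```lua
-- snort.lua fragment (added example; assumptions noted inline).
-- Assumed layout: Snort 3 under /usr/local, extras installed under
-- /usr/local/snort_extra, unified2 files written to /var/log/snort.

-- The built-in unified2 module emits only the newer record types, which
-- barnyard2 does not parse, so it is left out of this config and the
-- resurrected unified2x logger from the extras is used instead.
unified2x =
{
    limit = 128,        -- assumed option: rotate the file at 128 MB
    nostamp = false,    -- assumed option: keep the timestamp suffix
                        -- barnyard2 expects on the file name
}

-- Invocation. --plugin-path must point at the *installed* extras, not
-- the build tree, and -l sets the directory unified2x writes into:
--
--   snort -c /usr/local/etc/snort/snort.lua \
--         --plugin-path /usr/local/snort_extra/lib/snort_extra \
--         -l /var/log/snort -i eth0
--
-- If unified2x is not found, run
--   snort --plugin-path /usr/local/snort_extra/lib/snort_extra --list-plugins
-- to confirm the plugin directory actually contains it.
```

Barnyard2's own configuration then points at the same log directory and the unified2x file prefix; nothing on the barnyard2 side needs to change from a Snort 2 setup as long as the records are the legacy types unified2x produces.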