[Snort-users] Snort3 and barnyard2

Russ rucombs at cisco.com
Tue Aug 28 14:14:48 EDT 2018


Snort 3 does not provide those files.  Barnyard2 is woefully out of date 
at this point, but you use classification.config and reference.config 
from the Snort 2 download.  sid-msg.map is in the rules download.  
gen-msg.map can be created by running this Snort 3 command:

     snort --list-builtin | sed -e "s/ / || /; s/:/ || /" | sort -n -t 
'|' -k 1 -k 3

Hope that helps.
Russ

On 8/28/18 10:16 AM, oleg gv via Snort-users wrote:
> Hello, I'm tring to use snort3 with unified2 = {...} options in config 
> and barnyar2 to process logs.
>
> Barn2 need gen-msg.map and sid-msg.map files and 
> classifications/refernce files.
>
> Where to get them in snort3 or snort3-rules packages ? No *.map files 
> found here.
>
> Is it possible to run snort3 with barny2 ?
>
> Thanks.
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.snort.org
> Go to this URL to change user options or unsubscribe:
> https://lists.snort.org/mailman/listinfo/snort-users
>
> 	To unsubscribe, send an email to:
> 	snort-users-leave at lists.snort.org
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>
> Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20180828/45655fb8/attachment.html>


More information about the Snort-users mailing list