[Snort-users] Snort3 and barnyard2

oleg gv oagvozd at gmail.com
Thu Aug 30 11:28:48 EDT 2018


Thanks a lot!

On Thu, Aug 30, 2018 at 15:25, Joel Esler (jesler) <jesler at cisco.com> wrote:

> PulledPork, the supported rule downloader, generates the sid-msg.map for
> you.  This is done to ensure that any local rules and 3rd party rules are
> accounted for as well.
>
> Sent from my iPhone
>
> On Aug 30, 2018, at 08:22, oleg gv via Snort-users <
> snort-users at lists.snort.org> wrote:
>
>
>
> But in the rules archive for snort3 no sid-msg.map file exists (
> https://snort.org/downloads/registered/snortrules-snapshot-3000.tar.gz).
>
> So the only way is to use snort2 rules with snort3 and barnyard?
>
> On Tue, Aug 28, 2018 at 21:16, Russ via Snort-users <
> snort-users at lists.snort.org> wrote:
>
>> Snort 3 does not provide those files.  Barnyard2 is woefully out of date
>> at this point, but you use classification.config and reference.config from
>> the Snort 2 download.  sid-msg.map is in the rules download.  gen-msg.map
>> can be created by running this Snort 3 command:
>>
>>     snort --list-builtin | sed -e "s/ / || /; s/:/ || /" | sort -n -t '|' -k 1 -k 3
>>
>> Hope that helps.
>> Russ
>>
>> On 8/28/18 10:16 AM, oleg gv via Snort-users wrote:
>>
>> Hello, I'm trying to use snort3 with unified2 = {...} options in config
>> and barnyard2 to process logs.
>>
>> Barn2 needs gen-msg.map and sid-msg.map files and classifications/reference
>> files.
>>
>> Where to get them in snort3 or snort3-rules packages? No *.map files
>> found here.
>>
>> Is it possible to run snort3 with barny2?
>>
>> Thanks.
>>
>>
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.snort.org
>> Go to this URL to change user options or unsubscribe:
>> https://lists.snort.org/mailman/listinfo/snort-users
>>
>> 	To unsubscribe, send an email to:
>> 	snort-users-leave at lists.snort.org
>>
>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>>
>> Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
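Added example, not part of the thread and not PulledPork's code: building a sid-msg.map from vendor rules plus local rules, which is the step the reply above says PulledPork performs. It assumes one rule per line and the classic `sid || msg || reference ...` map layout read by Barnyard2; the rule text and function names are constructed for illustration.

```python
import re

QUOTED_RE = re.compile(r'"(?:\\.|[^"\\])*"')
MSG_RE = re.compile(r'\bmsg\s*:\s*"((?:\\.|[^"\\])*)"')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
REF_RE = re.compile(r'\breference\s*:\s*([^;]+);')

# Constructed sample rules (not taken from any real ruleset).
VENDOR_RULES = r'''
alert tcp any any -> any 80 ( msg:"EXAMPLE web probe"; content:"sid:9;"; reference:url,example.com/a; sid:1000001; rev:2; )
# alert tcp any any -> any 22 ( msg:"EXAMPLE disabled rule"; sid:1000002; rev:1; )
# plain comment, no rule here
'''
LOCAL_RULES = r'''
alert udp any any -> any 53 ( msg:"LOCAL dns test \"quoted\""; sid:1000003; rev:1; )
alert icmp any any -> any any ( msg:"LOCAL reuses a vendor sid"; sid:1000001; rev:1; )
'''

def parse_rule(line):
    """Return (sid, msg, refs) for a one-line rule, or None if the line is not a rule."""
    text = line.strip().lstrip('#').strip()  # keep disabled rules too (a choice of this example)
    msg = MSG_RE.search(text)
    body = QUOTED_RE.sub('""', text)         # blank quoted strings so "sid:9;" inside content is ignored
    sid = SID_RE.search(body)
    if not (msg and sid):
        return None
    refs = [r.strip() for r in REF_RE.findall(body)]
    return int(sid.group(1)), re.sub(r'\\(.)', r'\1', msg.group(1)), refs

def build_sid_msg_map(*rule_texts):
    """Merge rule sets into sorted sid-msg.map lines; also return SIDs defined more than once."""
    entries, duplicates = {}, []
    for text in rule_texts:
        for line in text.splitlines():
            parsed = parse_rule(line)
            if parsed is None:
                continue
            sid, msg, refs = parsed
            if sid in entries:
                duplicates.append(sid)       # later rule sets override earlier ones
            entries[sid] = ' || '.join([str(sid), msg] + refs)
    return [entries[s] for s in sorted(entries)], duplicates

if __name__ == '__main__':
    lines, dups = build_sid_msg_map(VENDOR_RULES, LOCAL_RULES)
    print('\n'.join(lines))
    print('duplicate SIDs:', dups)
```

A SID reported as a duplicate means a local rule reuses a vendor SID, so alerts from either rule would be labelled with the same message in Barnyard2 output.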