Snort mailing list archives
Re: Homebrew unified2 processing vs barnyard2
From: JJ Cummings <cummingsj () gmail com>
Date: Mon, 19 Jul 2010 08:42:44 -1000
Vrybdpkt released a pm that can be used for unified2 parsing... It's on sourceforge...

Sent from the iRoad

On Jul 19, 2010, at 8:35, beenph <beenph () gmail com> wrote:

I personally guess that it depends on your needs and the time you have to put on your own stuff. If your previous script was parsing unified files, I would probably be able to parse unified2 after a few modifications.

-elz

On Mon, Jul 19, 2010 at 2:24 PM, K D <korodev () gmail com> wrote:

Having spent a good amount of time away from snort and trying to get back into the swing of things, I was wondering what the current consensus was on barnyard vs homebrew unified2 parsing. Previously, I was doing unified parsing via a homebrew application, but looking forward, it seems like barnyard2 is the popular, stable, and standard app for the job. Anyone willing to persuade me otherwise?

Also, are you guys using any perl or python (preferred) libraries for unified2 file access? If so, what role do these play in your current configuration and how are they used in conjunction with or instead of barnyard?

\\korodev

------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Homebrew unified2 processing vs barnyard2 K D (Jul 19)
- Re: Homebrew unified2 processing vs barnyard2 Joel Esler (Jul 19)
- Re: Homebrew unified2 processing vs barnyard2 beenph (Jul 19)
- Re: Homebrew unified2 processing vs barnyard2 JJ Cummings (Jul 19)
- Re: Homebrew unified2 processing vs barnyard2 K D (Jul 19)
- Re: Homebrew unified2 processing vs barnyard2 beenph (Jul 19)
- Re: Homebrew unified2 processing vs barnyard2 Eoin Miller (Jul 19)
- Re: Homebrew unified2 processing vs barnyard2 Jason Haar (Jul 19)
- Re: Homebrew unified2 processing vs barnyard2 K D (Jul 19)