Snort mailing list archives
Re: Barnyard2 - v2-1.10 is released
From: Joel Esler <jesler () sourcefire com>
Date: Thu, 27 Sep 2012 19:09:08 -0400
We put our applications and libraries in the proper standard locations. I'm not sure how barnyard2 functions, and pulledpork is a perl script (so it can be placed wherever is my point).

But as far as all of us getting together, I tend to think that between all the projects we do a pretty good job of communicating. But we certainly have room for growth.

Thanks.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

On Sep 27, 2012, at 2:04 PM, AllowOverride <allowoverride () gmail com> wrote:

thanks joel, the point here is, standardization. if snort, the A program is compiled with paths in the make file here, then all other programs should follow same paths, not /usr/local/etc/snort, /usr/local/bin/snort, /usr/bin/snort, /etc/snort, /etc/snort/etc, so on so forth, then /etc/snort/lib/snort_dynamic* /usr/local/lib/snort/snort_dynamic* so on so forth, make them all the same, as everything is under root / and everything is all over the place, in the pulledpork.pl, pulledpork.conf, the barnyard2.conf, /usr/local/etc/snort/barnyard2.conf, /usr/local/snort/barnyard2.conf, so on so forth, then on top of all of that, the options to run snort with paths defined in confs vs paths defined on cmdline.

just make it simple. devs at pulledpork barnyard, snort should have a conference call and define the friggen paths. that's my point.

thanks

On Wed, 2012-09-26 at 12:28 -0400, Joel Esler wrote:

Oinkmaster and barnyard are two different things. Oinkmaster updates rules. Barnyard2 processes Snort's output.

On Sep 26, 2012, at 12:26 PM, AllowOverride <allowoverride () gmail com> wrote:

Hello Firnsy folks,

quick question: it's been interesting to see exactly how barnyard interacts with snort, and curious why it was chosen over oinkmaster as the preferred method. I have noticed that usually if a product is incorporated with another, they would have a basic config file that mirrors the file paths, rather than it be say manually configed inside the conf, or in commandline options when run.

So, I wonder if you could pass this to the devs and ask if they can try to make it Easier to install with the snort source attained from snort.org. I mean, they state it's preferred now over oinkmaster, however, it is not a seamless install. yes I understand linux/unix FS but for it to be much quicker and easier to install with snort would be great! meaning, paths match the same as the snort-2.9.3.1 for example version.

also, there is the same issue with pulledpork. paths are all over the place. both snort, and PP, and yes Barnyard2-firnsy the paths can be cumbersome to finagle for first or even 2nd time users.

just a heads up, it's not simple and takes days especially when trying to auto script snort, PP, and BY to all work together.

pass this on to a friend,
thanks,
pete

On Tue, 2012-09-25 at 18:54 +1000, firnsy wrote:

G'day all,

It's my great pleasure to finally announce the next stable release of barnyard2 v2-1.10 build(310).

After almost 20 months of development and continuous testing from the community we are happy to get this one out to the masses (without the beta tag).

This development cycle has seen a lot of changes, refinements and fixes. This will be the last version built around the old database schema. The next release of barnyard2 will come with new database output that only supports the new schema, native IPv6 support and FULL unified2 support for all output plugins.

I could go on about the changes, but the wait has been long enough. Here's a summary of the more notable changes:

* Additions
  - spo_database. Support of encrypted connections to postgresql is now available. See README.database for the appropriate options.
  - spo_sguil. Fixed issue with duplication of alerts.
  - Completely re-written database plugin for performance optimisation against the original DB schema. NOTE: If you have intentions of running this new version we highly recommend that you clean two database tables for better performance: reference and sig_reference (not doing so will not break anything but could slow the startup caching process).
  - New Bro output plugin (thanks to Seth Hall)
  - A new syslog plugin (syslog_full) that supports local and remote TCP and UDP syslog.

* Improvements
  - Improved support against the latest Unified 2 format. Extended headers are read, however no plugins use the information currently.
  - Improved core IPv6 support.
  - Compile under cygwin
  - And many, many bugfixes.

You can download the source in a number of ways:
  - https://github.com/firnsy/barnyard2/tags (as a zip/tarball)
  - git://github.com/firnsy/barnyard2.git (via a git clone)

I would like to pay a special thanks to Eric Lauzon (the newest member of the core development team) and the many people who have helped along the road: Russell Fulton, Tim Shelton, JJ Cummings, Michael Steele, Brett Edgar, Bill Parker, Miguel Alvarez, Martin Holste, Jason Haar and any others who I may have missed.

Regards,
- firnsy