Re: Snort++ Build 239

[Marcin Dulak via Snort-users <snort-users () lists snort org>]

On Mon, Aug 7, 2017 at 3:18 PM, Russ via Snort-users <
snort-users () lists snort org> wrote:

> Not aware of any barnyard2 alternatives.  Maybe Joel has some suggestions.
>
> Since I haven't heard anything from the barnyard2 groups, I've resurrected
> the old unified2 logger as unified2x in the extras.  You will need to build
> and install the extras and use --plugin-path to point to the installed
> plugins and then add unified2x = { } (or however you configure it) to your
> snort.lua.  The existing unified2 logger will only generate newer events so
> you must use unified2x instead.  That should get you back to where you were.
>
>
> On 7/31/17 10:08 AM, Jim Campbell wrote:
>
> > I forgot to ask; Is there a viable alternative to Barnyard2? What do you
> > suggest?
you can also try to work with jasonish to get snort support into
https://github.com/jasonish/evebox
Jason is aware of the new buffer type event appearing in snort3:
https://github.com/jasonish/py-idstools/issues/44#issuecomment-290966275

Marcin



> > Jim
> >
> > On 7/31/2017 9:30 AM, Russ wrote:
> >
> > > Snort++ has new record types for u2 output and no longer outputs the
> > > legacy types.  I've contacted the barnyard2 folks to work with them on
> > > updates.
> > >
> > > How are you using barnyard2?  Are you feeding a database?
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists snort org
> Go to this URL to change user options or unsubscribe:
> https://lists.snort.org/mailman/listinfo/snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!