Snort mailing list archives

Re: Strange happenings with BY2
From: Tony Robinson <deusexmachina667 () gmail com>
Date: Sun, 14 Apr 2013 02:44:04 -0400

More than answers my question -- You gave me some enhancements to add to my
script! I probably should just have the script generate its own BY2 conf
file; would be much cleaner that way. Regarding download choices, that
sounds like a very good idea-- Had no idea about the tags. Thanks for the
suggestions and explanations. Hope you have a nice weekend.


On Sun, Apr 14, 2013 at 2:15 AM, beenph <beenph () gmail com> wrote:

On Sun, Apr 14, 2013 at 1:33 AM, Tony Robinson
<deusexmachina667 () gmail com> wrote:
Here's what I get when I run barnyard2 with -v:
  ______   -*> Barnyard2 <*-
 / ,,_  \  Version 2.1.13-BETA (Build 325)

Current Master is at 2-1.13-BETA Build 325 which
was synced with master just a few days ago.

I would suggest that instead of fetching master you could maybe
get the users to choose which version they want to download
by using the tag page https://github.com/firnsy/barnyard2/tags

ex:
wget --no-check-certificate https://github.com/firnsy/barnyard2/tags -q
grep -B1 tag-name tags
    <a href="https://github.com/firnsy/barnyard2/tree/v2-1.12">
      <span class="tag-name">v2-1.12</span>
--
    <a href="https://github.com/firnsy/barnyard2/tree/v2-1.11">
      <span class="tag-name">v2-1.11</span>
--
    <a href="https://github.com/firnsy/barnyard2/tree/v2-1.10-beta2">
      <span class="tag-name">v2-1.10-beta2</span>
--
    <a href="https://github.com/firnsy/barnyard2/tree/v2-1.10-beta1">
      <span class="tag-name">v2-1.10-beta1</span>
--
    <a href="https://github.com/firnsy/barnyard2/tree/v2-1.10">
      <span class="tag-name">v2-1.10</span>
--
    <a href="https://github.com/firnsy/barnyard2/tree/v2-1.9">
      <span class="tag-name">v2-1.9</span>

And from there you can directly get version

www.github.com/firnsy/barnyard2/archive/vxxxxx.zip or .tar.gz

ex:
firnsy/barnyard2/archive/v2-1.12.zip
or
/firnsy/barnyard2/archive/v2-1.12.tar.gz



- The way my script installs barnyard 2 is that I configure the
barnyard2.conf file via sed-foo and tell it where to find the sid and
gen-msg.map, among other settings.
- I don't trust my sed-foo that much, so I use the -S and -G options to
tell barnyard2 where to find the sid and gen-msg.map files via the command
line as a Safety Net of sorts.
- In the past, there would be no conflict here; if the conf file said one
thing and the command line said another, the command line would win and
barnyard 2 would use the -S and -G arguments via the command line.
- With the copy of barnyard 2 I pulled via github, here's the errors I got:


If I could suggest something to maybe help out: Wouldn't it be
possible that instead of using sed to replace information in a
templated configuration file,
that the script would actually generate the configuration file? Or
maybe use clearly defined markers, thus making the sed operation more
efficient/less problematic?

ex: ##SID-MAP-FILE##  ##CONFIGURATION-INTERFACE## ##DATABASE-USER##, etc...

- The errors are verbose enough for me to understand what happened, I'm
just curious what prompted the change in how arguments are parsed/accepted
with BY2.


The main change comes with 2-1.13-BETA and support for sid-msg.map v2
format.

This can help prevent issues where people would declare sid-msg.map
files two times, one being v1 and the other being v2.

Also there was some possible issue with the way processing of the command
line and the configuration option was done, thus the "new behavior",
since processing of the file was done at parsing time and not
at configuration merging time (when command line and configuration are
evaluated).

Now processing is done after configuration and command line are merged
and there is no way to know
if command line or configuration file is the good file, thus the
error. In this case maybe the error shouldn't trigger
since the command line and the configuration line are pointing to the
same file (and I fix this before release).

Hope this answered your question.

-elz




-- 
when does reality end? when does fantasy begin?
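
The marker-based templating suggested in the quoted reply, as an added example that is not part of the original thread or of barnyard2: the script refuses to install a config in which any ##NAME## marker is still unreplaced. The template lines are a constructed sample and ##GEN-MAP-FILE## is a hypothetical marker; values are assumed to be single-line.

```shell
#!/bin/sh
# Render a config from a template whose placeholders look like ##NAME##.
# Usage: render_conf TEMPLATE OUTPUT NAME=value [NAME=value ...]
# Exit status: 0 installed, 1 bad input or I/O error, 2 unreplaced marker left.
render_conf() (
    tpl=$1; out=$2; shift 2
    umask 077                                   # output may hold DB credentials
    tmp=$(mktemp "$out.XXXXXX") || exit 1       # same directory, so mv is a rename
    cat "$tpl" > "$tmp" || { rm -f "$tmp"; exit 1; }
    for pair in "$@"; do
        name=${pair%%=*}; value=${pair#*=}
        case $name in
            ''|*[!A-Z-]*) echo "bad marker name: $name" >&2; rm -f "$tmp"; exit 1 ;;
        esac
        # Escape \ & and the | delimiter so sed inserts the value literally.
        esc=$(printf '%s' "$value" | sed 's/[\\&|]/\\&/g')
        sed "s|##${name}##|${esc}|g" "$tmp" > "$tmp.new" && mv "$tmp.new" "$tmp" ||
            { rm -f "$tmp" "$tmp.new"; exit 1; }
    done
    # A marker that survives means a value was never supplied: do not install.
    if grep -n '##[A-Z-][A-Z-]*##' "$tmp" >&2; then
        rm -f "$tmp"; exit 2
    fi
    mv "$tmp" "$out"
)

# Constructed sample template (not barnyard2's shipped barnyard2.conf).
write_sample_template() {
    cat > "$1" <<'EOF'
config interface: ##CONFIGURATION-INTERFACE##
config sid_file: ##SID-MAP-FILE##
config gen_file: ##GEN-MAP-FILE##
output database: log, mysql, user=##DATABASE-USER## dbname=snort host=localhost
EOF
}
```

Because the map-file paths then exist in exactly one generated file, the installer no longer needs to repeat them with -S and -G as a safety net.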