Snort mailing list archives
Re: Snort3 and barnyard2
From: oleg gv via Snort-users <snort-users () lists snort org>
Date: Thu, 30 Aug 2018 15:17:59 +0300
But in rules archive for snort3 no sid-msg.map file exists. ( https://snort.org/downloads/registered/snortrules-snapshot-3000.tar.gz) So the only way is to use snort2 rules with snort3 and barnyard ? вт, 28 авг. 2018 г. в 21:16, Russ via Snort-users < snort-users () lists snort org>:
Snort 3 does not provide those files. Barnyard2 is woefully out of date
at this point, but you use classification.config and reference.config from
the Snort 2 download. sid-msg.map is in the rules download. gen-msg.map
can be created by running this Snort 3 command:
snort --list-builtin | sed -e "s/ / || /; s/:/ || /" | sort -n -t '|'
-k 1 -k 3
Hope that helps.
Russ
On 8/28/18 10:16 AM, oleg gv via Snort-users wrote:
Hello, I'm tring to use snort3 with unified2 = {...} options in config and
barnyar2 to process logs.
Barn2 need gen-msg.map and sid-msg.map files and classifications/refernce
files.
Where to get them in snort3 or snort3-rules packages ? No *.map files
found here.
Is it possible to run snort3 with barny2 ?
Thanks.
_______________________________________________
Snort-users mailing listSnort-users () lists snort org
Go to this URL to change user options or unsubscribe:https://lists.snort.org/mailman/listinfo/snort-users
To unsubscribe, send an email to:
snort-users-leave () lists snort org
Please visit http://blog.snort.org to stay current on all the latest Snort news!
Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users
To unsubscribe, send an email to:
snort-users-leave () lists snort org
Please visit http://blog.snort.org to stay current on all the latest
Snort news!
Please follow these rules:
https://snort.org/faq/what-is-the-mailing-list-etiquette
_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Current thread:
- Snort3 and barnyard2 oleg gv via Snort-users (Aug 28)
- Re: Snort3 and barnyard2 Russ via Snort-users (Aug 28)
- Re: Snort3 and barnyard2 oleg gv via Snort-users (Aug 30)
- Re: Snort3 and barnyard2 Joel Esler (jesler) via Snort-users (Aug 30)
- Re: Snort3 and barnyard2 oleg gv via Snort-users (Aug 30)
- Re: Snort3 and barnyard2 oleg gv via Snort-users (Aug 30)
- Re: Snort3 and barnyard2 Russ via Snort-users (Aug 28)