[Oisf-devel] [OT] Barnyard2-1.10 - Beta 1 Release

Matthew Jonkman jonkman at emergingthreatspro.com
Thu Jul 7 15:21:20 UTC 2011


Great news Firnsy!!! Thanks!

Question:
Would it be possible to be able to use sid ranges or a sid mask? For example, with the RBN rules we have a few hundred in a specific sid range that need the same block statement. How about a:

204000-204499: src,30 days;

Or maybe a wildcard, etc?

Thanks!

Matt

On Jul 7, 2011, at 10:09 AM, firnsy wrote:

> G'day guys and gals,
> 
> If you haven't noticed already, the first beta release of what will 
> become barnyard2-1.10 was tagged the other day on github. This was a 
> significant milestone that was only enabled by the OISF team and their 
> generous contributions. Thanks again!
> 
> I was going to push this first beta a week ago but have spent the past 
> few days cleaning up the documentation, some old and pesky bugs and even 
> added a small utility.
> 
> So what are the notable includes/updates from the 1.9 release:
>   * A new output plugin for communication with SnortSam instances.
>   * Upgraded unified2 handling to latest unified2 standard [1].
>   * Improved handling of Sguil agent registration timeouts. Thanks to 
> Victor Julien.
> 
> Some other worthy mentions from the previous stable release include:
>   * Fixed signature loading issue that resulted in a rogue space being 
> appended to messages.
>   * Fixed compile issue with IPv6 enabled.
>   * Fixed compile issue with TCL and PostgreSQL combinations.
>   * Added support for new DLT_IPV4 and DLT_IPV6 link types introduced 
> with Snort's new DAQ library.
> 
> The old project pages are still being reworked with the server change, 
> so if you want to try it out you will need to become a little familiar 
> with github (it'll be worth it).
> 
> So please go forth, download [2], compile, use and abuse. Be sure to 
> send any feedback good or otherwise back to us.
> 
> - firnsy
> 
> [1] No output plugins currently utilise the extra data.
> [2] http://www.github.com/firnsy/barnyard2


----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 866-504-2523 x110
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc





