[Oisf-users] Request for Anonymized Unified2 samples

beenph beenph at gmail.com
Tue Jan 31 13:11:56 UTC 2012


Greetings everyone,

Since we have a limited number of sample unified2 files, we would like,
if possible, to get submissions of
anonymized unified2 files containing a wide range of events and packets
and hopefully EXTRA DATA
so we can stress test the new spooler design and the new schema.

If you end up submitting an anonymized unified2 file, it would be
greatly appreciated to also have the following elements:
- snort version and
- sid-msg.map  <file>
- gid-msg.map <file>
- classification.config <file>

You can anonymize your unified2 file by using u2_anon found @
https://github.com/binf/u2_anon

Note that plain original submissions would also be appreciated.
All the files we receive will exclusively be used for testing and
debugging purposes and no information will be shared without permission
(for example if an issue in the structure of the unified2 is found and
the file needs to be sent to SourceFire or OISF for details).

You can always verify that your anonymized unified2 file does not
contain any data by using u2spewfoo (found in /tools/u2spewfoo in the
snort tarball).

This would be really appreciated.

Note that if your unified2 file is too big to be attached to an e-mail,
do not hesitate to send us a link where we could download it.

Thank you in advance,

Barnyard2 Team.

Ian Firns <firnsy , , gmail.com>
Eric Lauzon <beenph , , gmail.com>


