[Oisf-users] Suricata 3.0 is out!

Erich Lerch erich.lerch at gmail.com
Thu Jan 28 13:26:43 UTC 2016


Yasha,

1. get the zip from
https://github.com/inliniac/suricata/tree/dev-detect-grouping-v174
2. unzip
3. cd suricata-dev-detect-grouping-v174
4. git clone https://github.com/ironbee/libhtp
5. ./autogen.sh

And now everything as usual, "./configure" with the params you usually
use/need, and "make".

suricata.yaml: basically you exchange the block "detect-engine" with
the new variant from the config included in the zip (now called
"detect").


That's it... have fun
erich


2016-01-28 13:10 GMT+01:00 Yasha Zislin <coolyasha at hotmail.com>:
> Can somebody advise on how to compile with this grouping? and what is it
> exactly?
>
> Thanks.
>
>> Date: Wed, 27 Jan 2016 22:49:57 +0100
>> From: petermanev at gmail.com
>> To: gfaulkner.nsm at gmail.com
>> CC: oisf-users at lists.openinfosecfoundation.org
>> Subject: Re: [Oisf-users] Suricata 3.0 is out!
>>
>> On Wed, Jan 27, 2016 at 9:37 PM, Gary Faulkner <gfaulkner.nsm at gmail.com>
>> wrote:
>> > Thanks for the replies folks, that is what I was hoping to know.
>> >
>> >
>> > On 1/27/16 1:45 PM, Erich Lerch wrote:
>> >>
>> >> I have dev-detect-grouping-v174 running on one system.
>> >> Seems to be as stable as 3.0RC3 (didn't run 3.0final yet), I had no
>> >> problems so far. And performance is better, yes. Start-up time is
>> >> spectacularly better with big custom detect groups.
>> >>
>>
>> I have only seen positive performance from dev-detect-grouping-v174 as
>> well.
>
>>
>>
>> >> Cheers,
>> >> erich
>> >>
>> >>
>> >>
>> >> On 27.01.2016 19:14, Gary Faulkner wrote:
>> >>>
>> >>> I did take a look at Redmine, but I didn't see obvious answers to a
>> >>> couple questions. Did the stuff from the dev-grouping code branch make
>> >>> it into this release? The discussion about the grouping code looked
>> >>> very promising for performance, so if it didn't make its way in, is
>> >>> there an ETA, or is there a dev branch that is fairly well synced up
>> >>> with release at this point or that folks have tried and feel is worth
>> >>> giving a go in production? Also is PF_RING ZC now supported and working
>> >>> correctly? I recall seeing that NTOP had interacted with the Suricata
>> >>> team at one point to resolve an issue there, but don't see anything
>> >>> about it in the release notes.
>> >>>
>> >>> Regards,
>> >>> Gary
>> >>>
>> >>> On 1/27/16 8:14 AM, Victor Julien wrote:
>> >>>>
>> >>>> We're proud to announce Suricata 3.0. This is a major new release
>> >>>> improving Suricata on many fronts.
>> >>>>
>> >>>> *Download*
>> >>>> http://www.openinfosecfoundation.org/download/suricata-3.0.tar.gz
>> >>>>
>> >>>>
>> >>>> *Features and Improvements*
>> >>>>
>> >>>> - improved detection options, including multi-tenancy and xbits
>> >>>> - performance and scalability much improved
>> >>>> - much improved accuracy and robustness
>> >>>> - Lua scripting capabilities expanded significantly
>> >>>> - many output improvements, including much more JSON
>> >>>> - NETMAP capture method support, especially interesting to FreeBSD users
>> >>>> - SMTP inspection and file extraction
>> >>>>
>> >>>> For a full list of features added, please see:
>> >>>> https://redmine.openinfosecfoundation.org/versions/80
>> >>>>
>> >>>>
>> >>>> *Upgrading*
>> >>>>
>> >>>> Upgrades from 2.0 to 3.0 should be mostly seamless. Here are some
>> >>>> notes:
>> >>>> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Upgrading_Suricata_20_to_Suricata_30
>> >>>>
>> >>>>
>> >>>>
>> >>>> *Special thanks*
>> >>>>
>> >>>> We'd like to thank the following people and corporations for their
>> >>>> contributions and feedback:
>> >>>>
>> >>>> FireEye, ProtectWise, ANSSI, Emerging Threats /
>> >>>> Proofpoint, Stamus Networks, Ntop, AFL project, CoverityScan
>> >>>>
>> >>>> Aaron Campbell, Aleksey Katargin, Alessandro Guido,
>> >>>> Alexander Gozman, Alexandre Macabies, Alfredo Cardigliano,
>> >>>> Andreas Moe, Anoop Saldanha, Antti Tönkyrä, Bill Meeks,
>> >>>> Darien Huss, David Abarbanel, David Cannings, David Diallo,
>> >>>> David Maciejak, Duarte Silva, Eduardo Arada, Giuseppe Longo,
>> >>>> Greg Siemon, Hayder Sinan, Helmut Schaa, Jason Ish,
>> >>>> Jeff Barber, Ken Steele, lessyv, Mark Webb-Johnson,
>> >>>> Mats Klepsland, Matt Carothers, Michael Rash, Nick Jones,
>> >>>> Pierre Chifflier, Ray Ruvinskiy, Samiux A, Schnaffon,
>> >>>> Stephen Donnelly, sxhlinux, Tom DeCanio, Torgeir Natvig,
>> >>>> Travis Green, Zachary Rasmor
>> >>>>
>> >>>>
>> >>>> *About Suricata*
>> >>>>
>> >>>> Suricata is a high performance Network IDS, IPS and Network Security
>> >>>> Monitoring engine. Open Source and owned by a community run non-profit
>> >>>> foundation, the Open Information Security Foundation (OISF). Suricata
>> >>>> is developed by the OISF, its supporting vendors and the community.
>> >>>>
>> >>>> November 9-11 we'll be in Washington, DC, for our 2nd Suricata User
>> >>>> Conference: http://oisfevents.net
>> >>>>
>> >>>> If you need help installing, updating, validating and tuning Suricata
>> >>>> we have a training program. Please see http://suricata-ids.org/training/
>> >>>>
>> >>>> For support options also see http://suricata-ids.org/support/
>> >>>>
>> >>> _______________________________________________
>> >>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> >>> Site: http://suricata-ids.org | Support:
>> >>> http://suricata-ids.org/support/
>> >>> List:
>> >>> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> >>> Suricata User Conference November 9-11 in Washington, DC:
>> >>> http://oisfevents.net
>> >>
>> >
>> >
>>
>>
>>
>> --
>> Regards,
>> Peter Manev
>
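Erich's procedure (steps 1 to 5, then ./configure and make, then swapping the suricata.yaml "detect-engine" block for the new "detect" block) as one script. This is an added example written for this archive page, not code from the post or from the Suricata project. Assumptions: GitHub serves a branch snapshot as archive/<branch>.zip and unpacks it to <repo>-<branch>, which matches the directory name in step 3; the flags in CONFIGURE_FLAGS are placeholders for whatever you normally pass to ./configure; the 2.0-era config keys the block as a top-level `detect-engine:` and the new one as `detect:`, so the check below only looks for those two keys. `suricata --build-info` and `suricata -T -c` are Suricata's own build-info and config-test switches.

```shell
#!/bin/sh
# Added example (not from the mailing-list post or the Suricata project):
# build the dev-detect-grouping-v174 branch the way the post describes and
# check that suricata.yaml has been switched from "detect-engine" to "detect".
set -eu

BRANCH="dev-detect-grouping-v174"
REPO_ARCHIVE="https://github.com/inliniac/suricata/archive"   # assumed GitHub zip layout
LIBHTP_REPO="https://github.com/ironbee/libhtp"
# Assumed placeholder flags; replace with the ones you normally pass to ./configure.
CONFIGURE_FLAGS="${CONFIGURE_FLAGS:---prefix=/usr --sysconfdir=/etc --localstatedir=/var}"

# Zip URL for a branch snapshot (GitHub serves these under archive/<ref>.zip).
branch_zip_url() {
    printf '%s/%s.zip\n' "$REPO_ARCHIVE" "$1"
}

# Directory name inside the zip: <repo>-<branch>, i.e. step 3 of the post.
branch_src_dir() {
    printf 'suricata-%s\n' "$1"
}

# Steps 1-5 from the post, then configure and make, then confirm the binary.
build_grouping() {
    zip="$BRANCH.zip"
    src="$(branch_src_dir "$BRANCH")"
    curl -fsSL -o "$zip" "$(branch_zip_url "$BRANCH")"   # 1. get the zip
    unzip -q "$zip"                                       # 2. unzip
    cd "$src"                                             # 3. cd into the tree
    git clone "$LIBHTP_REPO"                              # 4. libhtp inside the source tree
    ./autogen.sh                                          # 5. autogen
    ./configure $CONFIGURE_FLAGS                          # word-splitting intended
    make
    ./src/suricata --build-info
}

# Returns 0 (true) if the yaml still has the old top-level "detect-engine:"
# block and no "detect:" block, i.e. the post's last step is still to do.
needs_detect_block() {
    grep -q '^detect-engine:' "$1" && ! grep -q '^detect:' "$1"
}

main() {
    case "${1:-}" in
        build)
            build_grouping
            ;;
        check)
            if needs_detect_block "$2"; then
                echo "$2: replace the detect-engine block with the detect block from the zip's config" >&2
                return 1
            fi
            suricata -T -c "$2"   # Suricata's own config test
            ;;
        *)
            echo "usage: $0 build | check /path/to/suricata.yaml" >&2
            ;;
    esac
}

main "$@"
```

Run `sh build-grouping.sh build` in a scratch directory, then `sh build-grouping.sh check /etc/suricata/suricata.yaml` before starting the new binary: the check refuses to proceed while the old `detect-engine:` block is still in place, and otherwise hands the file to `suricata -T` so a mistake in the new `detect` block shows up before the engine is put on traffic.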


