[Oisf-users] Suricata 3.0 is out!

Yasha Zislin coolyasha at hotmail.com
Thu Jan 28 14:41:43 UTC 2016


Erich,
Thanks for the info. I will give it a shot. How stable is this release? Good enough for production?

> Date: Thu, 28 Jan 2016 14:26:43 +0100
> From: erich.lerch at gmail.com
> To: oisf-users at lists.openinfosecfoundation.org
> Subject: Re: [Oisf-users] Suricata 3.0 is out!
> 
> Yasha,
> 
> 1. get the zip from
> https://github.com/inliniac/suricata/tree/dev-detect-grouping-v174
> 2. unzip
> 3. cd suricata-dev-detect-grouping-v174
> 4. git clone https://github.com/ironbee/libhtp
> 5. ./autogen.sh
> 
> And now everything as usual, "./configure" with the params you usually
> use/need, and "make".
> 
> suricata.yaml: basically you exchange the block "detect-engine" with
> the new variant from the config included in the zip (now called
> "detect").
> 
> 
> That's it... have fun
> erich
> 
> 
> 2016-01-28 13:10 GMT+01:00 Yasha Zislin <coolyasha at hotmail.com>:
> > Can somebody advise on how to compile with this grouping? And what is it
> > exactly?
> >
> > Thanks.
> >
> >> Date: Wed, 27 Jan 2016 22:49:57 +0100
> >> From: petermanev at gmail.com
> >> To: gfaulkner.nsm at gmail.com
> >> CC: oisf-users at lists.openinfosecfoundation.org
> >> Subject: Re: [Oisf-users] Suricata 3.0 is out!
> >>
> >> On Wed, Jan 27, 2016 at 9:37 PM, Gary Faulkner <gfaulkner.nsm at gmail.com>
> >> wrote:
> >> > Thanks for the replies folks, that is what I was hoping to know.
> >> >
> >> >
> >> > On 1/27/16 1:45 PM, Erich Lerch wrote:
> >> >>
> >> >> I have dev-detect-grouping-v174 running on one system.
> >> >> Seems to be as stable as 3.0RC3 (didn't run 3.0final yet), I had no
> >> >> problems so far. And performance is better, yes. Start-up time is
> >> >> spectacularly better with big custom detect groups.
> >> >>
> >>
> >> I have only seen positive performance from dev-detect-grouping-v174 as
> >> well.
> >
> >>
> >>
> >> >> Cheers,
> >> >> erich
> >> >>
> >> >>
> >> >>
> >> >> On 27.01.2016 19:14, Gary Faulkner wrote:
> >> >>>
> >> >>> I did take a look at Redmine, but I didn't see obvious answers to a
> >> >>> couple questions. Did the stuff from the dev-grouping code branch make
> >> >>> it into this release? The discussion about the grouping code looked
> >> >>> very promising for performance, so if it didn't make its way in, is
> >> >>> there an ETA, or is there a dev branch that is fairly well synced up
> >> >>> with release at this point or that folks have tried and feel is worth
> >> >>> giving a go in production? Also is PF_RING ZC now supported and working
> >> >>> correctly? I recall seeing that NTOP had interacted with the Suricata
> >> >>> team at one point to resolve an issue there, but don't see anything
> >> >>> about it in the release notes.
> >> >>>
> >> >>> Regards,
> >> >>> Gary
> >> >>>
> >> >>> On 1/27/16 8:14 AM, Victor Julien wrote:
> >> >>>>
> >> >>>> We're proud to announce Suricata 3.0. This is a major new release
> >> >>>> improving Suricata on many fronts.
> >> >>>>
> >> >>>> *Download*
> >> >>>> http://www.openinfosecfoundation.org/download/suricata-3.0.tar.gz
> >> >>>>
> >> >>>>
> >> >>>> *Features and Improvements*
> >> >>>>
> >> >>>> - improved detection options, including multi-tenancy and xbits
> >> >>>> - performance and scalability much improved
> >> >>>> - much improved accuracy and robustness
> >> >>>> - Lua scripting capabilities expanded significantly
> >> >>>> - many output improvements, including much more JSON
> >> >>>> - NETMAP capture method support, especially interesting to FreeBSD users
> >> >>>> - SMTP inspection and file extraction
> >> >>>>
> >> >>>> For a full list of features added, please see:
> >> >>>> https://redmine.openinfosecfoundation.org/versions/80
> >> >>>>
> >> >>>>
> >> >>>> *Upgrading*
> >> >>>>
> >> >>>> Upgrades from 2.0 to 3.0 should be mostly seamless. Here are some notes:
> >> >>>>
> >> >>>> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Upgrading_Suricata_20_to_Suricata_30
> >> >>>>
> >> >>>>
> >> >>>>
> >> >>>> *Special thanks*
> >> >>>>
> >> >>>> We'd like to thank the following people and corporations for their
> >> >>>> contributions and feedback:
> >> >>>>
> >> >>>> FireEye, ProtectWise, ANSSI, Emerging Threats /
> >> >>>> Proofpoint, Stamus Networks, Ntop, AFL project, CoverityScan
> >> >>>>
> >> >>>> Aaron Campbell, Aleksey Katargin, Alessandro Guido,
> >> >>>> Alexander Gozman, Alexandre Macabies, Alfredo Cardigliano,
> >> >>>> Andreas Moe, Anoop Saldanha, Antti Tönkyrä, Bill Meeks,
> >> >>>> Darien Huss, David Abarbanel, David Cannings, David Diallo,
> >> >>>> David Maciejak, Duarte Silva, Eduardo Arada, Giuseppe Longo,
> >> >>>> Greg Siemon, Hayder Sinan, Helmut Schaa, Jason Ish,
> >> >>>> Jeff Barber, Ken Steele, lessyv, Mark Webb-Johnson,
> >> >>>> Mats Klepsland, Matt Carothers, Michael Rash, Nick Jones,
> >> >>>> Pierre Chifflier, Ray Ruvinskiy, Samiux A, Schnaffon,
> >> >>>> Stephen Donnelly, sxhlinux, Tom DeCanio, Torgeir Natvig,
> >> >>>> Travis Green, Zachary Rasmor
> >> >>>>
> >> >>>>
> >> >>>> *About Suricata*
> >> >>>>
> >> >>>> Suricata is a high performance Network IDS, IPS and Network Security
> >> >>>> Monitoring engine. Open Source and owned by a community run non-profit
> >> >>>> foundation, the Open Information Security Foundation (OISF). Suricata
> >> >>>> is developed by the OISF, its supporting vendors and the community.
> >> >>>>
> >> >>>> November 9-11 we'll be in Washington, DC, for our 2nd Suricata User
> >> >>>> Conference: http://oisfevents.net
> >> >>>>
> >> >>>> If you need help installing, updating, validating and tuning Suricata
> >> >>>> we
> >> >>>> have a training program. Please see http://suricata-ids.org/training/
> >> >>>>
> >> >>>> For support options also see http://suricata-ids.org/support/
> >> >>>>
> >> >>> _______________________________________________
> >> >>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> >> >>> Site: http://suricata-ids.org | Support:
> >> >>> http://suricata-ids.org/support/
> >> >>> List:
> >> >>> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> >> >>> Suricata User Conference November 9-11 in Washington, DC:
> >> >>> http://oisfevents.net
> >> >>
> >> >
> >> >
> >>
> >>
> >>
> >> --
> >> Regards,
> >> Peter Manev
> >
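Erich's suricata.yaml step (swap the old "detect-engine" block for the "detect" block shipped in the zip) done as a script instead of by hand; this is an added example, not code from the thread or from the Suricata project, and the two sample configs are constructed stand-ins. It assumes top-level keys sit in column 0 and that each top-level block runs until the next such key.

```shell
# Added example: swap the top-level "detect-engine" block of an existing
# suricata.yaml for the "detect" block of the config shipped in the zip.
# Heuristic, not a YAML parser: a top-level block starts at a column-0
# "key:" line and runs (comments and blank lines included) to the next one.
# extract_block FILE KEY: print the top-level block KEY from FILE.
extract_block() {
  awk -v key="$2:" '
    /^[A-Za-z0-9_-]+:/ { inblock = (index($0, key) == 1) }
    inblock { print }
  ' "$1"
}
# swap_detect_block OLD_YAML NEW_YAML: print OLD_YAML with its detect-engine
# block replaced by the detect block of NEW_YAML; fail if NEW_YAML has none.
swap_detect_block() {
  tmp=$(mktemp) || return 1
  extract_block "$2" detect > "$tmp"
  if [ ! -s "$tmp" ]; then
    echo "no top-level detect: block in $2" >&2; rm -f "$tmp"; return 1
  fi
  awk -v repl="$tmp" '
    /^[A-Za-z0-9_-]+:/ {
      skip = (index($0, "detect-engine:") == 1)
      if (skip) { while ((getline line < repl) > 0) print line; close(repl) }
    }
    !skip { print }
  ' "$1"
  rm -f "$tmp"
}
# Constructed sample configs (abridged, not the real files) to run offline.
OLD_YAML=$(mktemp); NEW_YAML=$(mktemp)
cat > "$OLD_YAML" <<'EOF'
---
default-log-dir: /var/log/suricata/
detect-engine:
  - profile: medium
  - sgh-mpm-context: auto
threading:
  set-cpu-affinity: no
EOF
cat > "$NEW_YAML" <<'EOF'
detect:
  profile: medium
  sgh-mpm-context: auto
threading:
  set-cpu-affinity: no
EOF
swap_detect_block "$OLD_YAML" "$NEW_YAML"
```

Run it against the real files as `swap_detect_block /etc/suricata/suricata.yaml path/to/new/suricata.yaml > merged.yaml` and diff the result before putting it in place.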