[Oisf-users] Suricata 3.0 is out!

Michał Purzyński michalpurzynski1 at gmail.com
Thu Jan 28 14:43:01 UTC 2016


6 sensors all around the world, up to 30 Gbit of traffic in total, stable as a rock.

> On 28 Jan 2016, at 15:41, Yasha Zislin <coolyasha at hotmail.com> wrote:
> 
> Erich,
> 
> Thanks for the info. I will give it a shot.
> How stable is this release? good enough for production?
> 
> > Date: Thu, 28 Jan 2016 14:26:43 +0100
> > From: erich.lerch at gmail.com
> > To: oisf-users at lists.openinfosecfoundation.org
> > Subject: Re: [Oisf-users] Suricata 3.0 is out!
> > 
> > Yasha,
> > 
> > 1. get the zip from
> > https://github.com/inliniac/suricata/tree/dev-detect-grouping-v174
> > 2. unzip
> > 3. cd suricata-dev-detect-grouping-v174
> > 4. git clone https://github.com/ironbee/libhtp
> > 5. ./autogen.sh
> > 
> > And now everything as usual, "./configure" with the params you usually
> > use/need, and "make".
> > 
> > suricata.yaml: basically you exchange the block "detect-engine" with
> > the new variant from the config included in the zip (now called
> > "detect").
> > 
> > 
> > That's it... have fun
> > erich
> > 
> > 
> > 2016-01-28 13:10 GMT+01:00 Yasha Zislin <coolyasha at hotmail.com>:
> > > Can somebody advise on how to compile with this grouping? and what is it
> > > exactly?
> > >
> > > Thanks.
> > >
> > >> Date: Wed, 27 Jan 2016 22:49:57 +0100
> > >> From: petermanev at gmail.com
> > >> To: gfaulkner.nsm at gmail.com
> > >> CC: oisf-users at lists.openinfosecfoundation.org
> > >> Subject: Re: [Oisf-users] Suricata 3.0 is out!
> > >>
> > >> On Wed, Jan 27, 2016 at 9:37 PM, Gary Faulkner <gfaulkner.nsm at gmail.com>
> > >> wrote:
> > >> > Thanks for the replies folks, that is what I was hoping to know.
> > >> >
> > >> >
> > >> > On 1/27/16 1:45 PM, Erich Lerch wrote:
> > >> >>
> > >> >> I have dev-detect-grouping-v174 running on one system.
> > >> >> Seems to be as stable as 3.0RC3 (didn't run 3.0final yet), I had no
> > >> >> problems so far. And performance is better, yes. Start-up time is
> > >> >> spectacularly better with big custom detect groups.
> > >> >>
> > >>
> > >> I have only seen positive performance from dev-detect-grouping-v174 as
> > >> well.
> > >
> > >>
> > >>
> > >> >> Cheers,
> > >> >> erich
> > >> >>
> > >> >>
> > >> >>
> > >> >> On 27.01.2016 19:14, Gary Faulkner wrote:
> > >> >>>
> > >> >>> I did take a look at Redmine, but I didn't see obvious answers to a
> > >> >>> couple questions. Did the stuff from the dev-grouping code branch make
> > >> >>> it into this release? The discussion about the grouping code looked
> > >> >>> very
> > >> >>> promising for performance, so if it didn't make its way in, is there
> > >> >>> an
> > >> >>> ETA, or is there a dev branch that is fairly well synced up with
> > >> >>> release
> > >> >>> at this point or that folks have tried and feel is worth giving a go
> > >> >>> in
> > >> >>> production? Also is PF_RING ZC now supported and working correctly? I
> > >> >>> recall seeing that NTOP had interacted with the Suricata team at one
> > >> >>> point to resolve an issue there, but don't see anything about it in
> > >> >>> the
> > >> >>> release notes.
> > >> >>>
> > >> >>> Regards,
> > >> >>> Gary
> > >> >>>
> > >> >>> On 1/27/16 8:14 AM, Victor Julien wrote:
> > >> >>>>
> > >> >>>> We're proud to announce Suricata 3.0. This is a major new release
> > >> >>>> improving Suricata on many fronts.
> > >> >>>>
> > >> >>>> *Download*
> > >> >>>> http://www.openinfosecfoundation.org/download/suricata-3.0.tar.gz
> > >> >>>>
> > >> >>>>
> > >> >>>> *Features and Improvements*
> > >> >>>>
> > >> >>>> - improved detection options, including multi-tenancy and xbits
> > >> >>>> - performance and scalability much improved
> > >> >>>> - much improved accuracy and robustness
> > >> >>>> - Lua scripting capabilities expanded significantly
> > >> >>>> - many output improvements, including much more JSON
> > >> >>>> - NETMAP capture method support, especially interesting to FreeBSD
> > >> >>>> users
> > >> >>>> - SMTP inspection and file extraction
> > >> >>>>
> > >> >>>> For a full list of features added, please see:
> > >> >>>> https://redmine.openinfosecfoundation.org/versions/80
> > >> >>>>
> > >> >>>>
> > >> >>>> *Upgrading*
> > >> >>>>
> > >> >>>> Upgrades from 2.0 to 3.0 should be mostly seamless. Here are some
> > >> >>>> notes:
> > >> >>>>
> > >> >>>>
> > >> >>>>
> > >> >>>> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Upgrading_Suricata_20_to_Suricata_30
> > >> >>>>
> > >> >>>>
> > >> >>>>
> > >> >>>> *Special thanks*
> > >> >>>>
> > >> >>>> We'd like to thank the following people and corporations for their
> > >> >>>> contributions and feedback:
> > >> >>>>
> > >> >>>> FireEye, ProtectWise, ANSSI, Emerging Threats /
> > >> >>>> Proofpoint, Stamus Networks, Ntop, AFL project, CoverityScan
> > >> >>>>
> > >> >>>> Aaron Campbell, Aleksey Katargin, Alessandro Guido,
> > >> >>>> Alexander Gozman, Alexandre Macabies, Alfredo Cardigliano,
> > >> >>>> Andreas Moe, Anoop Saldanha, Antti Tönkyrä, Bill Meeks,
> > >> >>>> Darien Huss, David Abarbanel, David Cannings, David Diallo,
> > >> >>>> David Maciejak, Duarte Silva, Eduardo Arada, Giuseppe Longo,
> > >> >>>> Greg Siemon, Hayder Sinan, Helmut Schaa, Jason Ish,
> > >> >>>> Jeff Barber, Ken Steele, lessyv, Mark Webb-Johnson,
> > >> >>>> Mats Klepsland, Matt Carothers, Michael Rash, Nick Jones,
> > >> >>>> Pierre Chifflier, Ray Ruvinskiy, Samiux A, Schnaffon,
> > >> >>>> Stephen Donnelly, sxhlinux, Tom DeCanio, Torgeir Natvig,
> > >> >>>> Travis Green, Zachary Rasmor
> > >> >>>>
> > >> >>>>
> > >> >>>> *About Suricata*
> > >> >>>>
> > >> >>>> Suricata is a high performance Network IDS, IPS and Network Security
> > >> >>>> Monitoring engine. Open Source and owned by a community run
> > >> >>>> non-profit
> > >> >>>> foundation, the Open Information Security Foundation (OISF). Suricata
> > >> >>>> is
> > >> >>>> developed by the OISF, its supporting vendors and the community.
> > >> >>>>
> > >> >>>> November 9-11 we'll be in Washington, DC, for our 2nd Suricata User
> > >> >>>> Conference: http://oisfevents.net
> > >> >>>>
> > >> >>>> If you need help installing, updating, validating and tuning Suricata
> > >> >>>> we
> > >> >>>> have a training program. Please see http://suricata-ids.org/training/
> > >> >>>>
> > >> >>>> For support options also see http://suricata-ids.org/support/
> > >> >>>>
> > >> >>> _______________________________________________
> > >> >>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> > >> >>> Site: http://suricata-ids.org | Support:
> > >> >>> http://suricata-ids.org/support/
> > >> >>> List:
> > >> >>> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> > >> >>> Suricata User Conference November 9-11 in Washington, DC:
> > >> >>> http://oisfevents.net
> > >> >>
> > >> >
> > >> >
> > >>
> > >>
> > >>
> > >> --
> > >> Regards,
> > >> Peter Manev
> > >
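The build steps Erich gives above (fetch the branch zip, unzip, clone libhtp into the tree, autogen, configure, make, then swap the old "detect-engine" block in suricata.yaml for the new "detect" block shipped in the zip), scripted as an added example; this is not code from the thread or from the Suricata project. It assumes GitHub's standard archive URL for a branch, that curl, unzip and git are installed, and that the only thing to detect in a pre-grouping suricata.yaml is a top-level `detect-engine:` key. The build function is not run here; the yaml check runs offline on a constructed fragment.

```shell
#!/bin/sh
# Added example: scripts the five steps from the thread plus configure/make,
# and checks whether a suricata.yaml still carries the old "detect-engine" block.
set -eu

BRANCH="dev-detect-grouping-v174"
# Assumption: GitHub's archive URL layout for a branch zip.
ZIP_URL="https://github.com/inliniac/suricata/archive/${BRANCH}.zip"
LIBHTP_URL="https://github.com/ironbee/libhtp"

# Returns 0 (true) if the given suricata.yaml still has the pre-grouping
# top-level "detect-engine:" key, 1 if it does not (e.g. already uses "detect:").
# Keep the new "detect" block from the config included in the zip; this only
# tells you whether the swap is still outstanding.
yaml_needs_detect_block() {
    grep -q '^detect-engine:' "$1"
}

# Steps 1-5 from the thread, then the usual ./configure and make.
# Any extra arguments are passed straight to ./configure.
build_grouping_branch() {
    workdir="$1"; shift
    cd "$workdir"
    curl -sSLo "${BRANCH}.zip" "$ZIP_URL"     # 1. get the zip
    unzip -q "${BRANCH}.zip"                 # 2. unzip
    cd "suricata-${BRANCH}"                  # 3. cd suricata-dev-detect-grouping-v174
    git clone "$LIBHTP_URL"                  # 4. git clone libhtp in-tree
    ./autogen.sh                             # 5. ./autogen.sh
    ./configure "$@"                         # configure with the params you usually use
    make
}

# Offline self-check on a constructed two-line yaml fragment (not a real config).
demo_check() {
    tmp=$(mktemp)
    printf 'detect-engine:\n  - profile: medium\n' > "$tmp"
    if yaml_needs_detect_block "$tmp"; then
        echo "old detect-engine block present: replace it with the detect block from the zip"
    else
        echo "no detect-engine block found"
    fi
    rm -f "$tmp"
}
```

Run `build_grouping_branch /usr/local/src --enable-pfring` (or whatever configure flags you normally pass) to do the build, and `yaml_needs_detect_block /etc/suricata/suricata.yaml` to see whether the config swap is still pending.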