[Oisf-users] Suricata 3.0 is out!

Victor Julien lists at inliniac.net
Thu Jan 28 14:44:34 UTC 2016


On 28-01-16 15:43, Michał Purzyński wrote:
> 6 sensors all around the world up to 30 Gbit of traffic in total, stable as a rock.

That's great to hear!

Keep in mind though that this is not a release in any form. It's a
development branch. So treat it with care.

Cheers,
Victor

> 
> On 28 Jan 2016, at 15:41, Yasha Zislin <coolyasha at hotmail.com> wrote:
> 
>> Erich,
>>
>> Thanks for the info. I will give it a shot.
>> How stable is this release? Good enough for production?
>>
>> > Date: Thu, 28 Jan 2016 14:26:43 +0100
>> > From: erich.lerch at gmail.com
>> > To: oisf-users at lists.openinfosecfoundation.org
>> > Subject: Re: [Oisf-users] Suricata 3.0 is out!
>> >
>> > Yasha,
>> >
>> > 1. get the zip from
>> > https://github.com/inliniac/suricata/tree/dev-detect-grouping-v174
>> > 2. unzip
>> > 3. cd suricata-dev-detect-grouping-v174
>> > 4. git clone https://github.com/ironbee/libhtp
>> > 5. ./autogen.sh
>> >
>> > And now everything as usual, "./configure" with the params you usually
>> > use/need, and "make".
>> >
>> > suricata.yaml: basically you exchange the block "detect-engine" with
>> > the new variant from the config included in the zip (now called
>> > "detect").
>> >
>> >
>> > That's it... have fun
>> > erich
>> >
>> >
>> > 2016-01-28 13:10 GMT+01:00 Yasha Zislin <coolyasha at hotmail.com>:
>> > > Can somebody advise on how to compile with this grouping? And what is it
>> > > exactly?
>> > >
>> > > Thanks.
>> > >
>> > >> Date: Wed, 27 Jan 2016 22:49:57 +0100
>> > >> From: petermanev at gmail.com
>> > >> To: gfaulkner.nsm at gmail.com
>> > >> CC: oisf-users at lists.openinfosecfoundation.org
>> > >> Subject: Re: [Oisf-users] Suricata 3.0 is out!
>> > >>
>> > >> On Wed, Jan 27, 2016 at 9:37 PM, Gary Faulkner <gfaulkner.nsm at gmail.com>
>> > >> wrote:
>> > >> > Thanks for the replies folks, that is what I was hoping to know.
>> > >> >
>> > >> >
>> > >> > On 1/27/16 1:45 PM, Erich Lerch wrote:
>> > >> >>
>> > >> >> I have dev-detect-grouping-v174 running on one system.
>> > >> >> Seems to be as stable as 3.0RC3 (didn't run 3.0final yet), I had no
>> > >> >> problems so far. And performance is better, yes. Start-up time is
>> > >> >> spectacularly better with big custom detect groups.
>> > >> >>
>> > >>
>> > >> I have only seen positive performance from dev-detect-grouping-v174 as
>> > >> well.
>> > >>
>> > >> >> Cheers,
>> > >> >> erich
>> > >> >>
>> > >> >>
>> > >> >>
>> > >> >> On 27.01.2016 19:14, Gary Faulkner wrote:
>> > >> >>>
>> > >> >>> I did take a look at Redmine, but I didn't see obvious answers to a
>> > >> >>> couple questions. Did the stuff from the dev-grouping code branch make
>> > >> >>> it into this release? The discussion about the grouping code looked
>> > >> >>> very promising for performance, so if it didn't make its way in, is
>> > >> >>> there an ETA, or is there a dev branch that is fairly well synced up
>> > >> >>> with release at this point or that folks have tried and feel is worth
>> > >> >>> giving a go in production? Also is PF_RING ZC now supported and
>> > >> >>> working correctly? I recall seeing that NTOP had interacted with the
>> > >> >>> Suricata team at one point to resolve an issue there, but don't see
>> > >> >>> anything about it in the release notes.
>> > >> >>>
>> > >> >>> Regards,
>> > >> >>> Gary
>> > >> >>>
>> > >> >>> On 1/27/16 8:14 AM, Victor Julien wrote:
>> > >> >>>>
>> > >> >>>> We're proud to announce Suricata 3.0. This is a major new release
>> > >> >>>> improving Suricata on many fronts.
>> > >> >>>>
>> > >> >>>> *Download*
>> > >> >>>>
>> > >> >>>> http://www.openinfosecfoundation.org/download/suricata-3.0.tar.gz
>> > >> >>>>
>> > >> >>>>
>> > >> >>>> *Features and Improvements*
>> > >> >>>>
>> > >> >>>> - improved detection options, including multi-tenancy and xbits
>> > >> >>>> - performance and scalability much improved
>> > >> >>>> - much improved accuracy and robustness
>> > >> >>>> - Lua scripting capabilities expanded significantly
>> > >> >>>> - many output improvements, including much more JSON
>> > >> >>>> - NETMAP capture method support, especially interesting to FreeBSD
>> > >> >>>> users
>> > >> >>>> - SMTP inspection and file extraction
>> > >> >>>>
>> > >> >>>> For a full list of features added, please see:
>> > >> >>>> https://redmine.openinfosecfoundation.org/versions/80
>> > >> >>>>
>> > >> >>>>
>> > >> >>>> *Upgrading*
>> > >> >>>>
>> > >> >>>> Upgrades from 2.0 to 3.0 should be mostly seamless. Here are some
>> > >> >>>> notes:
>> > >> >>>>
>> > >> >>>> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Upgrading_Suricata_20_to_Suricata_30
>> > >> >>>>
>> > >> >>>>
>> > >> >>>>
>> > >> >>>> *Special thanks*
>> > >> >>>>
>> > >> >>>> We'd like to thank the following people and corporations for their
>> > >> >>>> contributions and feedback:
>> > >> >>>>
>> > >> >>>> FireEye, ProtectWise, ANSSI, Emerging Threats /
>> > >> >>>> Proofpoint, Stamus Networks, Ntop, AFL project, CoverityScan
>> > >> >>>>
>> > >> >>>> Aaron Campbell, Aleksey Katargin, Alessandro Guido,
>> > >> >>>> Alexander Gozman, Alexandre Macabies, Alfredo Cardigliano,
>> > >> >>>> Andreas Moe, Anoop Saldanha, Antti Tönkyrä, Bill Meeks,
>> > >> >>>> Darien Huss, David Abarbanel, David Cannings, David Diallo,
>> > >> >>>> David Maciejak, Duarte Silva, Eduardo Arada, Giuseppe Longo,
>> > >> >>>> Greg Siemon, Hayder Sinan, Helmut Schaa, Jason Ish,
>> > >> >>>> Jeff Barber, Ken Steele, lessyv, Mark Webb-Johnson,
>> > >> >>>> Mats Klepsland, Matt Carothers, Michael Rash, Nick Jones,
>> > >> >>>> Pierre Chifflier, Ray Ruvinskiy, Samiux A, Schnaffon,
>> > >> >>>> Stephen Donnelly, sxhlinux, Tom DeCanio, Torgeir Natvig,
>> > >> >>>> Travis Green, Zachary Rasmor
>> > >> >>>>
>> > >> >>>>
>> > >> >>>> *About Suricata*
>> > >> >>>>
>> > >> >>>> Suricata is a high performance Network IDS, IPS and Network Security
>> > >> >>>> Monitoring engine. Open Source and owned by a community run non-profit
>> > >> >>>> foundation, the Open Information Security Foundation (OISF). Suricata
>> > >> >>>> is developed by the OISF, its supporting vendors and the community.
>> > >> >>>>
>> > >> >>>> November 9-11 we'll be in Washington, DC, for our 2nd Suricata User
>> > >> >>>> Conference: http://oisfevents.net
>> > >> >>>>
>> > >> >>>> If you need help installing, updating, validating and tuning Suricata
>> > >> >>>> we have a training program. Please see http://suricata-ids.org/training/
>> > >> >>>>
>> > >> >>>> For support options also see http://suricata-ids.org/support/
>> > >> >>>>
>> > >> >>> _______________________________________________
>> > >> >>> Suricata IDS Users mailing list:
>> oisf-users at openinfosecfoundation.org
>> <mailto:oisf-users at openinfosecfoundation.org>
>> > >> >>> Site: http://suricata-ids.org | Support:
>> > >> >>> http://suricata-ids.org/support/
>> > >> >>> List:
>> > >> >>>
>> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> > >> >>> Suricata User Conference November 9-11 in Washington, DC:
>> > >> >>> http://oisfevents.net
>> > >> >>
>> > >> >
>> > >> >
>> > >>
>> > >>
>> > >>
>> > >> --
>> > >> Regards,
>> > >> Peter Manev
> 
> 
> 


-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
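The suricata.yaml step in Erich's build recipe above (drop the old top-level "detect-engine" block and take the "detect" block from the config shipped with the dev branch) as an added example, not code from this thread or from the Suricata project. The file names, YAML contents and helper names are constructed for the demo; the helpers only handle simple top-level blocks whose key starts at column 0.

```shell
# Added example: swap a top-level "detect-engine:" block of a suricata.yaml for
# the "detect:" block of a second file. Constructed sample config and helpers
# (yaml_top_keys, yaml_block, yaml_swap_block, demo_swap), not Suricata code.

# List top-level keys (a line starting at column 0 whose key ends with ':').
yaml_top_keys() {
    grep -E '^[A-Za-z0-9_-]+:' "$1" | sed 's/:.*//'
}

# Print one top-level block of file $1 named $2: the key line and every
# following line up to the next top-level key.
yaml_block() {
    awk -v key="$2" '
        /^[A-Za-z0-9_-]+:/ { inblock = ($0 ~ ("^" key ":")) }
        inblock { print }
    ' "$1"
}

# Write $3 = file $1 with block $2 dropped and block $5 from file $4 appended.
yaml_swap_block() {
    old_file=$1; old_key=$2; out=$3; new_file=$4; new_key=$5
    {
        awk -v key="$old_key" '
            /^[A-Za-z0-9_-]+:/ { skip = ($0 ~ ("^" key ":")) }
            !skip { print }
        ' "$old_file"
        yaml_block "$new_file" "$new_key"
    } > "$out"
}

# Constructed 2.0-style config, constructed dev-branch "detect" block, then the
# swap; returns 0 only if the merged file has "detect" and no "detect-engine".
demo_swap() {
    dir=$(mktemp -d)
    printf '%s\n' '%YAML 1.1' '---' 'default-log-dir: /var/log/suricata/' \
        'detect-engine:' '  - profile: medium' '  - sgh-mpm-context: auto' \
        'outputs:' '  - fast:' '      enabled: yes' > "$dir/suricata.yaml"
    printf '%s\n' 'detect:' '  profile: medium' '  sgh-mpm-context: auto' \
        > "$dir/suricata-new.yaml"
    yaml_swap_block "$dir/suricata.yaml" detect-engine "$dir/merged.yaml" \
        "$dir/suricata-new.yaml" detect
    keys=" $(yaml_top_keys "$dir/merged.yaml" | tr '\n' ' ')"
    rm -rf "$dir"
    case "$keys" in *" detect-engine "*) return 1 ;; esac
    case "$keys" in *" detect "*) return 0 ;; esac
    return 1
}

demo_swap && echo "detect-engine replaced by detect"
```

Run yaml_top_keys against your own merged file afterwards: if "detect-engine" is still listed, the old block was not at column 0 and needs to be removed by hand.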