[Oisf-users] [EXT] Suricata and Barnyard2
Cloherty, Sean E
scloherty at mitre.org
Wed Mar 13 17:52:57 UTC 2019
Yes -
Oinkmaster is one of the tools which will do this for you.
-----Original Message-----
From: Oisf-users <oisf-users-bounces at lists.openinfosecfoundation.org> On Behalf Of Greg Grasmehr
Sent: Wednesday, March 13, 2019 1:51 PM
To: oisf-users at lists.openinfosecfoundation.org
Subject: [EXT] [Oisf-users] Suricata and Barnyard2
Hello,
Wondering if anyone else is using Unified2 output from Suricata to be read by Barnyard2? I'm asking because I notice that one of the map files required by Barnyard2, gen-msg.map, is pretty much nonexistent these days in terms of updates, our version is very old.
Barnyard2 seems to require this map file in order to operate correctly and since Barnyard2 itself has not been updated in years, I am wondering if anyone knows of a way to generate appropriate gen-msg.map files OR if there is indeed a better way to handle Unified2 output format these days in terms of parsing and syslogging the event data and pcap information?
Thanks in advance for any helpful suggestions.
--
Sincerely,
Greg Grasmehr
Lead Information Security Analyst
California Institute of Technology (Caltech)
GPGMe: 38E2 F9BD A95E 9824 20AB 331A 9E29 D1A1 AAEE 5F42
pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x9E29D1A1AAEE5F42
_______________________________________________
Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
Conference: https://suricon.net
Trainings: https://suricata-ids.org/training/
More information about the Oisf-users
mailing list