[Oisf-users] Suricata and Barnyard2

Cooper F. Nelson cnelson at ucsd.edu
Wed Mar 13 18:11:31 UTC 2019


Those formats/tools are essentially EOL and everyone should be thinking
about turning them down.

The better way these days is to use the eve JSON logs and send the
base64 encoded payloads to a SIEM, like Splunk or one of its open source
alternatives.

-Coop

On 3/13/2019 10:50 AM, Greg Grasmehr wrote:
> Hello,
>
> Wondering if anyone else is using Unified2 output from Suricata to be
> read by Barnyard2?  I'm asking because I notice that one of the map
> files required by Barnyard2, gen-msg.map, is pretty much nonexistent
> these days in terms of updates; our version is very old.
>
> Barnyard2 seems to require this map file in order to operate correctly
> and since Barnyard2 itself has not been updated in years, I am wondering
> if anyone knows of a way to generate appropriate gen-msg.map files OR if
> there is indeed a better way to handle Unified2 output format these days
> in terms of parsing and syslogging the event data and pcap information?
>
> Thanks in advance for any helpful suggestions.
>
-- 
Cooper Nelson
Network Security Analyst
UCSD ITS Security Team
cnelson at ucsd.edu x41042
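An added example of the approach Cooper describes (not code from this thread or from Suricata itself): read eve.json alert lines, decode the base64 `payload` field, and flatten each record into an event a SIEM forwarder can index, skipping non-alert and malformed lines. The field names follow Suricata's eve-log alert output with `payload: yes` enabled; the sample line is constructed.

```python
import base64
import binascii
import json
from typing import Optional

# Constructed sample eve.json alert line (not captured traffic). Suricata's
# eve-log alert output adds the base64 "payload" field when "payload: yes" is set.
SAMPLE_EVE_LINE = json.dumps({
    "timestamp": "2019-03-13T10:50:00.000000-0700",
    "event_type": "alert",
    "src_ip": "192.0.2.10", "src_port": 51234,
    "dest_ip": "198.51.100.5", "dest_port": 80, "proto": "TCP",
    "alert": {"gid": 1, "signature_id": 2100498, "rev": 7,
              "signature": "GPL ATTACK_RESPONSE id check returned root",
              "category": "Potentially Bad Traffic", "severity": 2},
    "payload": base64.b64encode(b"uid=0(root) gid=0(root)\r\n").decode(),
})


def eve_alert_to_siem_event(line: str) -> Optional[dict]:
    """Flatten one eve.json line into a SIEM-friendly event.

    Returns None for non-alert records (flow, dns, ...) and for malformed JSON,
    so a forwarder skips bad lines instead of crashing on them.
    """
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        return None
    if rec.get("event_type") != "alert":
        return None
    alert = rec.get("alert", {})
    event = {
        "ts": rec.get("timestamp"),
        "src": f"{rec.get('src_ip')}:{rec.get('src_port')}",
        "dst": f"{rec.get('dest_ip')}:{rec.get('dest_port')}",
        "proto": rec.get("proto"),
        # gid:sid:rev is what gen-msg.map / sid-msg.map resolved to text under
        # unified2; eve already carries the rule message inline.
        "rule": f"{alert.get('gid')}:{alert.get('signature_id')}:{alert.get('rev')}",
        "msg": alert.get("signature"),
        "severity": alert.get("severity"),
    }
    raw = rec.get("payload")
    if raw is not None:
        try:
            payload = base64.b64decode(raw, validate=True)
        except (binascii.Error, ValueError):
            payload = None  # corrupt base64: keep the alert, drop the payload
        event["payload_len"] = None if payload is None else len(payload)
        event["payload_preview"] = (
            None if payload is None else payload[:64].decode("ascii", errors="replace"))
    return event
```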

