[Oisf-users] Suricata and Barnyard2

Champ Clark III cclark at quadrantsec.com
Thu Mar 14 21:22:31 UTC 2019

Hello Greg, 

You might want to look into "Meer" (https://github.com/bevae/meer). It works a lot like Barnyard2, but
rather than following unified2 output, it follows Suricata EVE alert files. It uses a schema very similar
to the one Barnyard2 uses (so it's compatible with tools like Snorby, Sguil, etc.). It also adds
some extra functionality and is more lightweight.

I should also point out that Suricata at some point will no longer support unified2.
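Added example, not from this thread or from the Meer project: a small Python reader for the EVE alert lines Meer follows, rendering each as a Barnyard2-style syslog line. Because every EVE alert record already carries gid, signature_id, rev and the signature text, no gen-msg.map lookup is needed; the sample records are constructed, and the output layout is an assumed Snort/Barnyard2-like format rather than Meer's own.

```python
import json

# Constructed sample EVE output (not from the page): two alert records, one flow
# record, and one junk line such as a partially written entry.
SAMPLE_EVE = """\
{"timestamp":"2019-03-13T13:50:49.000000-0700","event_type":"alert","src_ip":"10.0.0.5","src_port":51234,"dest_ip":"192.0.2.10","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2019-03-13T13:50:50.000000-0700","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"192.0.2.10","proto":"TCP"}
{"timestamp":"2019-03-13T13:50:51.000000-0700","event_type":"alert","src_ip":"10.0.0.6","dest_ip":"192.0.2.11","proto":"ICMP","alert":{"action":"allowed","gid":1,"signature_id":2100366,"rev":8,"signature":"GPL ICMP_INFO PING *NIX","category":"Misc activity","severity":3}}
not json at all
"""

def parse_eve_alerts(text):
    """Return only the 'alert' records from newline-delimited EVE JSON, skipping bad lines."""
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or partial line (seen while Suricata is still writing); skip it
        if rec.get("event_type") == "alert" and "alert" in rec:
            alerts.append(rec)
    return alerts

def endpoint(rec, side):
    """Format 'ip:port', or just 'ip' for protocols without ports (e.g. ICMP)."""
    ip = rec.get(f"{side}_ip", "?")
    port = rec.get(f"{side}_port")
    return f"{ip}:{port}" if port is not None else ip

def to_syslog(rec):
    """Render one alert in an assumed Snort/Barnyard2-like syslog layout.

    gid/sid/rev and the message text come straight from the EVE record, which is
    why an EVE consumer does not need gen-msg.map or sid-msg.map files.
    """
    a = rec["alert"]
    return (f"[{a['gid']}:{a['signature_id']}:{a['rev']}] {a['signature']} "
            f"[Classification: {a['category']}] [Priority: {a['severity']}] "
            f"{{{rec['proto']}}} {endpoint(rec, 'src')} -> {endpoint(rec, 'dest')}")

if __name__ == "__main__":
    for rec in parse_eve_alerts(SAMPLE_EVE):
        print(rec["timestamp"], to_syslog(rec))
```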

----- Original Message -----
From: "Greg Grasmehr" <greg.grasmehr at caltech.edu>
To: "oisf-users" <oisf-users at lists.openinfosecfoundation.org>
Sent: Wednesday, March 13, 2019 1:50:49 PM
Subject: [Oisf-users] Suricata and Barnyard2


Wondering if anyone else is using Unified2 output from Suricata to be
read by Barnyard2? I'm asking because I notice that one of the map
files required by Barnyard2, gen-msg.map, is pretty much nonexistent
these days in terms of updates; our version is very old.

Barnyard2 seems to require this map file in order to operate correctly
and since Barnyard2 itself has not been updated in years, I am wondering
if anyone knows of a way to generate appropriate gen-msg.map files OR if
there is indeed a better way to handle Unified2 output format these days
in terms of parsing and syslogging the event data and pcap information?

Thanks in advance for any helpful suggestions.


Greg Grasmehr
Lead Information Security Analyst
California Institute of Technology (Caltech)
GPGMe: 38E2 F9BD A95E 9824 20AB  331A 9E29 D1A1 AAEE 5F42
Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users

Conference: https://suricon.net
Trainings: https://suricata-ids.org/training/