Snort mailing list archives
Re: Fwd: [barnyard2-devel] Barnyard v2-1.13 released.
From: beenph <beenph () gmail com>
Date: Wed, 15 May 2013 11:11:50 -0400
It's OS dependent, but technically if you use kill -l you should get the list of available signals for your system, and use kill -XX where XX is the signal ID for USR1, and drop stats.

-elz

On Wed, May 15, 2013 at 7:54 AM, Nicholas Horton <fivetenets () me com> wrote:
What is the USR1 command to dump the stats of snort or barnyard?

Nick

On May 14, 2013, at 1:19 PM, beenph <beenph () gmail com> wrote:

Information below :)

Addendum: 2-1.13 also now cleanly supports HUP and USR1 (print unified2 processing stats)

Enjoy.

-elz

---------- Forwarded message ----------
From: firnsy <firnsy () gmail com>
Date: Tue, May 14, 2013 at 7:50 AM
Subject: [barnyard2-devel] Barnyard v2-1.13 released.
To: barnyard2-devel () googlegroups com

G'day All,

We are happy to announce the latest STABLE release v2.1-13 which was tagged a few hours ago (https://github.com/firnsy/barnyard2/tags).

This release is a bug fix release that also introduces a few new features and enhancements.

UPGRADE REQUIREMENTS

If you are upgrading to barnyard2 2-1.13 (build 327) or above from a previous version and using output database, you will need to delete every row in your sig_reference table (DELETE FROM sig_reference;). The table will be re-populated at startup, and has no impact on historical data.

FEATURE REQUESTS

Phil Daws - add interface and hostname field to spo_alert_csv if specified.
Jorge Pinto - spo_syslog_full support for ASCII,BASE64 payload
Jason Brvenik - variables ... (a long time ago, sorry :P)
Martin Olsson - remove some useless verbosity unless ./configure --enable-debug is specified and proper flags are used (spo_database and sid-msg.mapv2)
All other barnyard2 users who help and contribute.

BUG REPORTS

Martin Olsson - bug in sig_reference generation and good discussions. Rewrote the code & al
John Eure and others - autogen.sh could cause some issue on some systems so [autoreconf -fv --install] is not set to autoreconf -fvi
John Naggets - spo_database: could stop barnyard2 from processing new events if some packets with ip option were processed and option_len was null.
Fäbu Hufi - spo_syslog_full: in complete mode was printing wrong ip version information and ip header length.
Jeremy Hoel - identified issue with suppression range in 2-1.13-BETA (fixed in release)
Bill Green - identified issue with signature insertion mainly preprocessor in 2-1.13-BETA (fixed in release)
All other barnyard2 users who help and contribute.

NEW FEATURES

1. Support for sid-msg.map version 2 format.

A new sid-msg.map format can be generated by pulledpork (upcoming release, already in svn). Detection of sid-msg.map version is done by a simple header in the file that shouldn't be altered if you want it to be processed correctly.

The sid-msg.map version 2 format extends the information already present in the sid-msg.map file created from rules. This new format version allows signature pre-population if users are using output database method with barnyard2 2-1.13 and above.

sid-msg.map v1 format:

SID || MSG || REF 1 || REF N

sid := integer
msg := string
ref := string

sid-msg.map v2 format:

GID || SID || REV || CLASSIFICATION || PRIORITY || MSG || REF 1 || REF N

gid := integer
sid := integer
rev := integer
classification := string (if NULL set to NOCLASS)
priority := integer (if prio == 0, classification priority is used)
msg := string
ref := string

=====================
generator (GID, gen-msg.map) are defaulted to the following values if their information is not overruled in sid-msg.map v2 file via processing of preprocessor.rules:

revision 1
classification 0
priority 3

If generator message is present in the sid-msg.map v2 file, and gen-msg.map messages are longer (more comprehensive by string length), gen-msg.map messages are used instead of sid-msg.map v2 file generator messages.
=====================

2. Signature/event logging suppression at spooler level.

Read doc/README.sig_suppression

3. Configuration file variables.

You can now use [var VARNAME value] in the barnyard2 configuration file and every instance of $VARNAME will get replaced by value. Note that variable declaration order is important only if you include a variable within a variable.

EX (is VALID):

var INTERFACE ethX
var PATH /var/log/IDS
var LOG $PATH/$INTERFACE/log
var ARCHIVE $PATH/$INTERFACE/archive

EX (is INVALID):

var LOG $PATH/$INTERFACE/log
var ARCHIVE $PATH/$INTERFACE/archive
var INTERFACE ethX
var PATH /var/log/IDS

4. New output database configuration keywords.

Keywords connection_limit and reconnect_sleep_time were added in 2-1.10 but were "undocumented" and shouldn't be modified unless you encounter an issue.

connection_limit <integer>: default 10
The maximum number of times that barnyard2 will tolerate a transaction failure and/or database connection failure.

reconnect_sleep_time <integer>: default 5
The number of seconds to sleep between connection retries.

disable_signature_reference_table
Tell the output plugin not to synchronize the sig_reference table in the schema.
Note: This option will speed up the process, especially if you use sid-msg.mapv2 file or have a lot of signatures already in databases. (Make sure that you do not need that information before enabling this)

So we hope you enjoy the new release, as a side note the RELEASE.NOTES file has not been updated and will be removed in the next version. It's honestly the most laborious part of release time ;)

Regards,
The barnyard2 team.
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
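The sid-msg.map v1/v2 record layouts and the v2 defaults from the forwarded release notes, worked through as an added example (this is not barnyard2's own parser; the CLASS_PRIORITY table stands in for classification.config, and the v1 defaults of GID 1, rev 1, NOCLASS, priority 3 are this example's assumptions):

```python
# Added example (not barnyard2's own code): parse sid-msg.map v1/v2 records per the release notes.
from dataclasses import dataclass, field
from typing import Optional

# Constructed classification -> priority table (barnyard2 reads classification.config; assumed here).
CLASS_PRIORITY = {"attempted-admin": 1, "misc-activity": 3}

@dataclass
class Signature:
    gid: int
    sid: int
    rev: int
    classification: str
    priority: int
    msg: str
    refs: list = field(default_factory=list)

def _fields(line: str) -> Optional[list]:
    line = line.strip()
    if not line or line.startswith("#"):   # blank or comment line: nothing to parse
        return None
    return [f.strip() for f in line.split("||")]

def parse_v1_line(line: str) -> Optional[Signature]:
    """SID || MSG || REF 1 || REF N (assumes GID 1 and the generator defaults)."""
    f = _fields(line)
    if f is None:
        return None
    sid, msg, *refs = f
    return Signature(1, int(sid), 1, "NOCLASS", 3, msg, refs)

def parse_v2_line(line: str) -> Optional[Signature]:
    """GID || SID || REV || CLASSIFICATION || PRIORITY || MSG || REF 1 || REF N."""
    f = _fields(line)
    if f is None:
        return None
    gid, sid, rev, classification, priority, msg, *refs = f
    if classification in ("", "NULL"):       # NULL classification -> NOCLASS
        classification = "NOCLASS"
    prio = int(priority)
    if prio == 0:                            # prio 0 -> use the classification's priority
        prio = CLASS_PRIORITY.get(classification, 3)
    return Signature(int(gid), int(sid), int(rev), classification, prio, msg, refs)

def resolve_generator(gid: int, sid: int, gen_msg: str,
                      override: Optional[Signature]) -> Signature:
    """gen-msg.map entries default to rev 1, classification 0, priority 3 unless
    a sid-msg.map v2 record overrides them; the longer message text is kept."""
    if override is None:
        return Signature(gid, sid, 1, "0", 3, gen_msg, [])
    msg = gen_msg if len(gen_msg) > len(override.msg) else override.msg
    return Signature(gid, sid, override.rev, override.classification,
                     override.priority, msg, override.refs)
```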
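The [var VARNAME value] feature from the forwarded notes, with its VALID and INVALID orderings, as an added example (not barnyard2's own config loader; the `output alert_fast:` consumer line is constructed, and raising an error on an undeclared $NAME is this example's assumption, since the notes only say the ordering is invalid):

```python
# Added example (not barnyard2's own code): expand "var NAME value" lines the way
# the release notes describe, replacing $NAME in later lines. Expansion happens
# at declaration time, which is why the INVALID ordering below cannot resolve.
import re

VAR_RE = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)")

def expand_config(text: str):
    """Return (variables, expanded non-var lines).
    A $NAME that has not been declared yet raises ValueError (assumption:
    barnyard2's own handling of that case is not described in the notes)."""
    variables, expanded = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        def lookup(m, lineno=lineno):
            name = m.group(1)
            if name not in variables:
                raise ValueError(f"line {lineno}: ${name} used before declaration")
            return variables[name]
        line = raw.strip()
        if line.startswith("var "):
            _, name, value = line.split(None, 2)
            variables[name] = VAR_RE.sub(lookup, value)   # expand at declaration time
        elif line:
            expanded.append(VAR_RE.sub(lookup, line))
    return variables, expanded

def declaration_order_ok(text: str) -> bool:
    """True when every $NAME is declared before its first use."""
    try:
        expand_config(text)
        return True
    except ValueError:
        return False

# Constructed samples mirroring the VALID / INVALID orderings from the notes;
# the trailing 'output' line is a made-up consumer of $LOG.
VALID = """\
var INTERFACE ethX
var PATH /var/log/IDS
var LOG $PATH/$INTERFACE/log
var ARCHIVE $PATH/$INTERFACE/archive
output alert_fast: $LOG/alert
"""
INVALID = """\
var LOG $PATH/$INTERFACE/log
var ARCHIVE $PATH/$INTERFACE/archive
var INTERFACE ethX
var PATH /var/log/IDS
"""
```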
Current thread:
- Fwd: [barnyard2-devel] Barnyard v2-1.13 released. beenph (May 14)
- Re: Fwd: [barnyard2-devel] Barnyard v2-1.13 released. Jeremy Hoel (May 14)
- Re: Fwd: [barnyard2-devel] Barnyard v2-1.13 released. beenph (May 14)
- Re: Fwd: [barnyard2-devel] Barnyard v2-1.13 released. Nicholas Horton (May 15)
- Re: Fwd: [barnyard2-devel] Barnyard v2-1.13 released. beenph (May 15)
- Re: Fwd: [barnyard2-devel] Barnyard v2-1.13 released. Nicholas Horton (May 15)
- Re: Fwd: [barnyard2-devel] Barnyard v2-1.13 released. beenph (May 15)
- Re: Fwd: [barnyard2-devel] Barnyard v2-1.13 released. Jeremy Hoel (May 14)