Re: Snort3 and barnyard2

[Russ via Snort-users <snort-users () lists snort org>]

Snort 3 does not provide those files.  Barnyard2 is woefully out of date 
at this point, but you use classification.config and reference.config 
from the Snort 2 download.  sid-msg.map is in the rules download.  
gen-msg.map can be created by running this Snort 3 command:

    snort --list-builtin | sed -e "s/ / || /; s/:/ || /" | sort -n -t 
'|' -k 1 -k 3

Hope that helps.
Russ

On 8/28/18 10:16 AM, oleg gv via Snort-users wrote:
> Hello, I'm tring to use snort3 with unified2 = {...} options in config 
> and barnyar2 to process logs.
>
> Barn2 need gen-msg.map and sid-msg.map files and 
> classifications/refernce files.
>
> Where to get them in snort3 or snort3-rules packages ? No *.map files 
> found here.
>
> Is it possible to run snort3 with barny2 ?
>
> Thanks.
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists snort org
> Go to this URL to change user options or unsubscribe:
> https://lists.snort.org/mailman/listinfo/snort-users
>
>         To unsubscribe, send an email to:
>         snort-users-leave () lists snort org
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>
> Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

        To unsubscribe, send an email to:
        snort-users-leave () lists snort org

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette