Snort mailing list archives

Re: barnyard patches? http://colin.grady.us/ offline?


From: Colin Grady <colin.grady () gmail com>
Date: Mon, 28 Mar 2011 09:46:15 -0500

Michael,

I don't really have any documentation for the patches other than what was
presented on the site. Below are the patch summaries from the site:

   barnyard-0.2.0-schema107.patch - 2006-04-06
          - Patch for Barnyard 0.2.0 to add support for the Snort DB
          schema 107. Barnyard will continue to support schema 106 by
          identifying the schema version when connecting and making
          schema-dependent queries. Schema 107 was introduced with Snort
          2.6 and adds generator ID logging to the signature table. This
          patch also addresses the signature revision issue where it is
          always zero.

   barnyard-0.2.0-caching.patch - 2006-04-07
          - Enables the caching of signature IDs associated with the
          signatures in the database. Signature IDs in the database are
          not the same as a signature SID in the scope of the database.
          Normally Barnyard must query the database with every alert to
          determine the signature ID -- way more overhead than necessary.
          This patch will reduce the total number of database transactions
          by almost 20% over the life of the Barnyard process.

   barnyard-0.2.0-combined.patch - 2008-02-26
          - Combined -schema107 and -caching patches above.

   barnyard-0.2.0-cleanup.patch - 2006-05-27
          - Add fclose() functions as appropriate to three functions that
          were neglecting to close files getting opened.
          - Removes an extra fopen() call in another function that was
          opening the same file twice.
          - Compiler warnings have been addressed and fixed.

   barnyard-0.2.0-syslog2.patch - 2008-01-08
          - Reformats the syslog messages coming out of op_alert_syslog2
          to match the format used by Snort's syslog output with interface
          name. This can be useful with some log parsing tools that are
          expecting a specific Snort log format.

   barnyard-0.2.0-cef.patch - 2008-01-30
          - Adds an op_alert_cef output plugin that supports the Common
          Event Format (CEF) as defined by ArcSight. Please note this does
          not provide payloads, so using ArcSight's native solution is
          probably the better option. Below is an example configuration
          (added to example barnyard.conf also):

# alert_cef
#-------------------------------
# Generates an ArcSight CEF syslog alert.
# Details at: http://www.arcsight.com/solutions_cef.htm
#
# output alert_cef: facility LOCAL4, severity ALERT, \
#      syslog_host localhost, syslog_port 514

Hope this helps.

Colin
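The signature-ID caching that the -caching patch summary describes, as an added example in C (not Colin's patch code): a small (gen, sid, rev) to database row id cache placed in front of a simulated database round trip. The struct, the row-id formula and the alert stream are constructed for the example.

```c
#include <stdio.h>
#define CACHE_SLOTS 64

/* Key is (gen, sid, rev): the revision must be part of it, otherwise a rule
 * revision bump keeps returning the stale row (the "revision always zero"
 * problem). db_id is the signature table's row id, not the rule's SID. */
typedef struct {
    int gen, sid, rev;
    int db_id;
} SigCacheEntry;

static SigCacheEntry cache[CACHE_SLOTS];
static int cache_used = 0;
static int db_queries = 0;    /* round trips we could not avoid */

/* Stand-in for the database round trip (SELECT, or INSERT on first sight).
 * The row id it returns is constructed for the example, not a real schema. */
static int db_lookup_signature(int gen, int sid, int rev)
{
    db_queries++;
    return gen * 1000000 + sid * 10 + rev;
}

/* Return the DB signature id for (gen, sid, rev), hitting the database only
 * on a cache miss. Unpatched Barnyard queries on every alert. */
int sig_id_for(int gen, int sid, int rev)
{
    for (int i = 0; i < cache_used; i++)
        if (cache[i].gen == gen && cache[i].sid == sid && cache[i].rev == rev)
            return cache[i].db_id;
    int id = db_lookup_signature(gen, sid, rev);
    if (cache_used < CACHE_SLOTS) {    /* a full cache degrades to the old behaviour */
        SigCacheEntry e = { gen, sid, rev, id };
        cache[cache_used++] = e;
    }
    return id;
}

int db_query_count(void) { return db_queries; }

int main(void)
{
    /* Constructed alert stream: the same rule fires repeatedly. */
    int alerts[][3] = { {1,2000,1}, {1,2000,1}, {1,2000,2}, {3,1,0}, {1,2000,1} };
    size_t n = sizeof alerts / sizeof alerts[0];
    for (size_t i = 0; i < n; i++)
        sig_id_for(alerts[i][0], alerts[i][1], alerts[i][2]);
    printf("%zu alerts, %d database queries\n", n, db_query_count());
    return 0;
}
```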

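The CEF line an op_alert_cef plugin has to build before handing it to syslog, as an added example in C (not the patch's code). The Alert struct, the vendor/product header values and the priority-to-severity mapping are assumptions; the escaping rules are ArcSight's CEF rules.

```c
#include <stdio.h>
#include <string.h>
/* Assumed alert fields; Barnyard's real event structures differ. */
typedef struct {
    int gen, sid, rev, priority, sport, dport;
    const char *msg, *proto, *src, *dst;
} Alert;

/* Copy src into dst, backslash-escaping every character listed in special.
 * Returns 0 on overflow so an oversized event is dropped, not truncated. */
static int cef_escape(char *dst, size_t len, const char *src, const char *special)
{
    size_t o = 0;
    for (; *src; src++) {
        if (strchr(special, *src)) { if (o + 1 >= len) return 0; dst[o++] = '\\'; }
        if (o + 1 >= len) return 0;
        dst[o++] = *src;
    }
    dst[o] = '\0';
    return 1;
}

/* Snort priority (1 = highest) onto CEF's 0..10 severity; an assumed mapping. */
static int cef_severity(int priority)
{
    switch (priority) { case 1: return 10; case 2: return 7; case 3: return 4; }
    return 1;
}

/* Header fields must escape '|' and '\'. The extension values used here are
 * addresses and numbers; free-text extension values would need '=' escaped too. */
int cef_format(const Alert *a, char *out, size_t len)
{
    char name[256];
    if (!cef_escape(name, sizeof name, a->msg, "|\\")) return 0;
    int n = snprintf(out, len,
        "CEF:0|Snort|Barnyard|0.2.0|%d:%d:%d|%s|%d|proto=%s src=%s spt=%d dst=%s dpt=%d",
        a->gen, a->sid, a->rev, name, cef_severity(a->priority),
        a->proto, a->src, a->sport, a->dst, a->dport);
    return n > 0 && (size_t)n < len;
}

/* One constructed alert whose msg contains '|' to exercise header escaping. */
const char *cef_example_line(void)
{
    static char line[512];
    Alert a = { 1, 2000, 3, 2, 51000, 80, "WEB-MISC cmd.exe|access", "TCP",
                "10.0.0.5", "192.0.2.10" };
    return cef_format(&a, line, sizeof line) ? line : NULL;
}

int main(void) { const char *l = cef_example_line(); if (l) puts(l); return 0; }
```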

On Mon, Mar 28, 2011 at 8:59 AM, Michael Scheidell <michael.scheidell () secnap com> wrote:

 I do have the patches; I was looking for documentation on the patches, and
want to use that documentation to justify asking the FreeBSD ports maintainer to
add them in.

(It's the patches for the mysql disconnect, the caching of next sid, adding
vseq into schema, etc.)
The one that starts like this?

diff -ruBN barnyard-0.2.0/configure barnyard-0.2.0-all/configure
--- barnyard-0.2.0/configure    2004-05-01 11:52:17.000000000 -0500
+++ barnyard-0.2.0-all/configure        2006-04-08 00:12:05.000000000 -0500
@@ -709,7 +709,7 @@

 PACKAGE=barnyard

-VERSION=0.2.0
+VERSION=0.2.0-cmg

 if test "`cd $srcdir && pwd`" != "`pwd`" && test -f $srcdir/config.status;
then
   { echo "configure: error: source directory already configured; run "make
distclean" there first" 1>&2; exit 1; }
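Review bot: the version suffix (`-VERSION=0.2.0` / `+VERSION=0.2.0-cmg`) is patched into the generated `configure` script, so it is lost as soon as autoconf regenerates that script; the change belongs in the autoconf input the script is generated from, which this diff does not show.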
diff -ruBN barnyard-0.2.0/src/output-plugins/op_acid_db.c
barnyard-0.2.0-all/src/output-plugins/op_acid_db.c
--- barnyard-0.2.0/src/output-plugins/op_acid_db.c      2004-04-03
13:57:32.000000000 -0600
+++ barnyard-0.2.0-all/src/output-plugins/op_acid_db.c  2006-04-08
00:24:26.000000000 -0500
@@ -45,11 +45,20 @@
 #endif /* ENABLE_POSTGRES */

 /*  D A T A   S T R U C T U R E S  **************************************/
+typedef struct _DbSignature
+{
+    int gen;
+    int sid;
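Review bot: the hunk header `@@ -45,11 +45,20 @@` announces nine added lines, but the quoted excerpt stops after `+    int sid;`, so the closing of `typedef struct _DbSignature` and whatever fields follow (a revision field matters here, given the signature revision issue the -schema107 patch addresses) cannot be reviewed from this message; the complete patch should be attached or linked.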



On 3/28/11 9:51 AM, Colin Grady wrote:

 I should have the site archived, and can provide you any of the patches
you're looking for.


I do have the patch, and have added it in manually every time I have
upgraded barnyard from FreeBSD ports.

Yes, I can host the site easily enough with a FreeBSD jailed VPS.


--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
| SECNAP Network Security Corporation

   - Best Intrusion Prevention Product, Networks Product Guide
   - Certified SNORT Integrator
   - Hot Company Award, World Executive Alliance
   - Best in Email Security, 2010 Network Products Guide
   - King of Spam Filters, SC Magazine




