Snort mailing list archives

Re: [Snort-devel] Barnyard2 - v2-1.10 is released


From: "Michael Steele" <michaels () winsnort com>
Date: Wed, 26 Sep 2012 13:08:55 -0400

-----Original Message-----
From: beenph [mailto:beenph () gmail com] 
Sent: Wednesday, September 26, 2012 11:01 AM
To: Michael Steele
Cc: Jefferson, Shawn; snort-users () lists sourceforge net
Subject: Re: [Snort-users] [Snort-devel] Barnyard2 - v2-1.10 is released

On Wed, Sep 26, 2012 at 10:29 AM, Michael Steele <michaels () winsnort com>
wrote:
BASE is not currently being developed, but has worked for a very long
time with no modifications (or very little). I'm not sure what it will
take to make BASE compliant with the new proposed database schemas
that the Barnyard2 team has announced, but any changes to the database
schemas will make BASE obsolete.

BASE in its current form will be obsolete with the new schema. If people
with web app experience want to port it, once the information is out
they will happily be able to make modifications so it works using the new
schema.

Support for BASE is non-existent at this point. Hopefully, there will be
someone to step in and make those modifications.

Right now BASE accepts data from several databases. However, when
Sourcefire abandoned the output database hook in Snort, Snort users
were totally reliant on Barnyard2 for database support, which went from
several database options, to 2 database options.

There are things that are not to be mixed. And I do not want to get into
the details/obstacles on why right now 2-1.10 only cleanly supports
PostgreSQL and MySQL and why it might be a mild problem for Windows users of
winsnort, but it's not that hard to add other platforms within the current
code, and the future code will have the same two basic database support and
future DBMSs will be added as the new version matures.

Doesn't matter if you're running Snort on Windows or any other platform. If
for whatever reason, logging to a SQL server database is a necessity, then
they are stuck using an outdated Snort.

There was 20 months between stable releases of Barnyard2, so I'm 
pretty sure it's going to be awhile before it's implemented. I think 
releasing this information at this time is causing a lot of confusion.

The 20 month period was not a period of continuous development; now that
it is out there, besides bugfixes it will be the last branch in the 2-1.xx
family for barnyard2.
The information about the schema has been out there for a while, Michael,
but there is no need to throw out all the bells and whistles at this moment.
You will still be able to use the 2-1.xx family after the release of the
2.-2.xx branch and the new schema.

We are good until we see the 2.-2.xx, which at that point the new schema is
plugged in, and BASE in its existing form will cease to function, if
updated.

Hopefully the Barnyard2 team will show a little compassion for the 
users of BASE and update BASE to be compliant with their new database 
schema. BASE is the only console out there (that I know of) that is 
cross platform compatible.

I might be wrong but I was under the impression that sguil and Snorby
would work on Windows.
But we will support any interface needs regarding the new proposed schema,
which has not been out yet and that will be open to
modification/suggestion/comments by interested parties to make it last as
long as the existing schema has been.

I don't think there are any consoles that will run in a standalone Windows
environment, other than BASE. I could be wrong, and hopefully someone will
jump in here if there are other standalone options.

Maybe when the information is out some people will be willing to
rewrite BASE to support the schema.

In the meantime, concerns and comments about barnyard2 are always welcome
on the Snort mailing lists and the barnyard2 mailing lists.

-elz

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort
news!


