Re: Snort3 and barnyard2

[oleg gv via Snort-users <snort-users () lists snort org>]

Thanks a lot!

чт, 30 авг. 2018 г. в 15:25, Joel Esler (jesler) <jesler () cisco com>:

> Pulledpork, the supported rule downloader, generates the Sid-msg.map for
> you.  This is done to ensure that any local rules and 3rd party rules are
> accounted for as well.
>
> Sent from my iPhone
>
> On Aug 30, 2018, at 08:22, oleg gv via Snort-users <
> snort-users () lists snort org> wrote:
>
>
>
> But in rules archive for snort3 no sid-msg.map file exists. (
> https://snort.org/downloads/registered/snortrules-snapshot-3000.tar.gz)
>
> So the only way is to use snort2 rules with snort3 and barnyard ?
>
> вт, 28 авг. 2018 г. в 21:16, Russ via Snort-users <
> snort-users () lists snort org>:
>
> > Snort 3 does not provide those files.  Barnyard2 is woefully out of date
> > at this point, but you use classification.config and reference.config from
> > the Snort 2 download.  sid-msg.map is in the rules download.  gen-msg.map
> > can be created by running this Snort 3 command:
> >
> >     snort --list-builtin | sed -e "s/ / || /; s/:/ || /" | sort -n -t '|'
> > -k 1 -k 3
> >
> > Hope that helps.
> > Russ
> >
> > On 8/28/18 10:16 AM, oleg gv via Snort-users wrote:
> >
> > Hello, I'm tring to use snort3 with unified2 = {...} options in config
> > and barnyar2 to process logs.
> >
> > Barn2 need gen-msg.map and sid-msg.map files and classifications/refernce
> > files.
> >
> > Where to get them in snort3 or snort3-rules packages ? No *.map files
> > found here.
> >
> > Is it possible to run snort3 with barny2 ?
> >
> > Thanks.
> >
> >
> > _______________________________________________
> > Snort-users mailing listSnort-users () lists snort org
> > Go to this URL to change user options or unsubscribe:https://lists.snort.org/mailman/listinfo/snort-users
> >
> >      To unsubscribe, send an email to:
> >      snort-users-leave () lists snort org
> >
> > Please visit http://blog.snort.org to stay current on all the latest Snort news!
> >
> > Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
> >
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists snort org
> > Go to this URL to change user options or unsubscribe:
> > https://lists.snort.org/mailman/listinfo/snort-users
> >
> >         To unsubscribe, send an email to:
> >         snort-users-leave () lists snort org
> >
> > Please visit http://blog.snort.org to stay current on all the latest
> > Snort news!
> >
> > Please follow these rules:
> > https://snort.org/faq/what-is-the-mailing-list-etiquette
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists snort org
> Go to this URL to change user options or unsubscribe:
> https://lists.snort.org/mailman/listinfo/snort-users
>
>    To unsubscribe, send an email to:
>    snort-users-leave () lists snort org
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
> Please follow these rules:
> https://snort.org/faq/what-is-the-mailing-list-etiquette
_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

        To unsubscribe, send an email to:
        snort-users-leave () lists snort org

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette