Archive for the ‘Barnyard2’ Category

Barnyard2-1.9-beta1 … SSL all round.

Tuesday, May 25th, 2010

There’s not a lot to gloat about in the initial beta for the 1.9 cycle except for the inclusion of SSL connections for PostgreSQL databases. This complements the addition of SSL connections for MySQL databases in the 1.8 cycle and is a good sign for those who don’t have the luxury of a dedicated management network and are pushing their alert information in band.

There were also some minor internal updates that will, in time, facilitate an as-yet-undisclosed side project, but more on that shortly ;)

Barnyard2-1.8 … Cache, Set, Match!

Friday, March 5th, 2010

Hooray!

The 1.8 beta series seems to have flushed out a few bugs, courtesy of the excellent feedback that has been provided by users. A special thanks to both Markus Lude and Jason Wallace for their valuable feedback in this development cycle.

We are pleased to release the 1.8 final, which wraps up a number of changes, including:

1. Removed compilation warnings.
2. Improved sanity of exit codes.
3. Fixed duplication issue in the sguil output plugin.
4. Support SSL connections to mysql.
5. Support for spooler event caching.
6. Fixed the “-l” logging parameter.

Any feedback is greatly appreciated. Happy hacking!

Barnyard2-1.8-beta2 … Ticking along.

Wednesday, January 20th, 2010

Not a lot of significant change in this beta release, but a few bugs were squished and that can only be a good thing. Right?!

Most of the work was involved with the spooler where the event caching has been reworked to improve the flexibility in the near future.

I’ll give this release about a two week grace period and depending on the feedback the next release will be a full stable release.

Any feedback is greatly appreciated. Happy hacking!

Barnyard2-1.8-beta1 … Happy Holidays

Monday, December 14th, 2009

Whilst this release feels a little overdue, we feel there are now sufficient fixes to warrant a new beta. Plus it makes a nice little gift before Christmas. Inside you will find the following fixes and tweaks:

  1. Removed compilation warnings (courtesy of Markus Lude)
  2. Improved sanity of exit codes.
  3. Fixed duplication issue in the sguil output plugin.
  4. Support SSL connections to mysql (experimental)

The SSL support for MySQL needs to be compiled in using the “--enable-mysql-ssl-support” option.

You know the drill. Download, Compile, Install, Run, Break, and send in your Bug Reports ;)

Barnyard2-1.7 … The Final is Here!

Friday, November 6th, 2009

The last week or so has been spent polishing up the rough edges and removing those little nuances that people had reported.

We’re quietly confident that the code is in a position for a final release of 1.7 and are prepared to set it free upon the world.

The 1.7 series culminates in a lot of changes from the 1.6 series and more importantly aligns to the most recent version of Snort 2.8.5.1. You are likely to have seen the last of the major core changes for some time with future releases being dedicated to stability and minor improvements.

The provided configuration file should explain the updated syntax sufficiently, and where it does not, be sure to let me know and we’ll make sure it is updated accordingly.

A big thanks goes to all the feedback that fed the 1.7 development process and we look forward to the next cycle.

On a final note, go grab the final and let us know how you go!

Barnyard2-1.7 … Can’t wait anymore? Grab Beta 4!

Sunday, October 18th, 2009

As you may, or may not, have noticed … Snort 2.8.5 has finally arrived! This has introduced some interesting things into the unified2 file format, the most notable of which is the recording of VLAN ID tags when compiled with the appropriate flags.

In order to best support these new features, we’ve taken the time to merge all pertinent changes from the Snort 2.8.4.1 to 2.8.5 transition into our code base.

There is bound to be some form of breakage because it’s hard to test every compiler/argument/config option combination, until I finally get around to writing the unit testing framework. Fortunately, you guys are quick to point out any issues so I’m happy to get things moving.

Grab the latest beta and let us know how you go!

Barnyard2-1.7 … Beta 3!

Friday, October 2nd, 2009

This beta 3 release was a little later than anticipated and I blame the Oktoberfest for that.

In short this beta release has the following:

  1. Some issues with the tcpdump logging output addressed and ready for testing.
  2. A new RPM spec has been applied thanks to Tom McLaughlin.
  3. Initial packet/event caching mechanism to better handle reading alerts based on streams (to be completed by 1.7 stable).

With Snort 2.8.5 just released, we will be extending the 1.7 beta to align the codebase with the new version, sort out the aforementioned item 3, and hopefully make Jonathan a happy man.

You know the drill – download, use, abuse, flame ;)

Barnyard2-1.7 … Yes! Beta 2

Friday, September 4th, 2009

Ok, so there’s been some interesting feedback over the past few weeks which has of course manifested itself into more updates. I love updates, and how code evolves over time in the attempt to become the most structured and stable thing it can be.

Enough of the philosophical talk and onto what this beta release provides. I’m not going to say it, but hopefully the last of the waldo file issues (record index not being saved on exit) has been solved. My fingers are crossed. There has also been some attention paid to the output plugins, namely the alert_cef plugin, which was crapped on from a great height on a recent merge. IPv6 is getting a little attention lately courtesy of Breno Silva, and the input processing is now accepting IPv6 unified logs.

If you want to help with the IPv6 development (i.e. you have a test IPv6 environment to play on) then shoot us an email. Other than that, go grab the beta and let us know how you get on.

Barnyard2-1.6 … Addressing the smaller issues!

Wednesday, July 15th, 2009

It’s been a number of weeks since the last beta release and so the time has come to release the 1.6 stable. There were not a lot of significant updates in this series, but more importantly a number of small usability issues were addressed and rectified.

A quick summary of the inclusions for the 1.6 series:

  1. Waldo files are now honoured appropriately.
  2. Reference files can NOW be specified on the command line via the “-R” option.
  3. Map files parsing has been reworked.
  4. Database output plugin is now more resilient to signal interrupts.

If you have any feedback, issues or requests then please let us know.

Grab the latest from the barnyard2 download page.

Enjoy!

Barnyard2-1.6 beta 2 … automake, autoconf, autoAARGH!

Monday, June 29th, 2009

This small release fixes the automake horror that was preventing the host from being correctly identified during the configuration. Suffice to say that as good as the automake tools can be, they also have the ability to become your worst nightmare and leave you forever chasing your tail.

I caught my tail and have updated the link on the download page to the new beta.

Enjoy!