Archive for May, 2008

Database and sguil support.

Saturday, May 31st, 2008

The reinvigorated barnyard code is still going strong and has had a few new additions. The spo_database output plugin has been ported from Snort, providing database logging for MySQL, PostgreSQL, MSSQL, Oracle and any database reachable through unixODBC, and an initial port of the sguil output plugin has been made as well. Both are still in the experimental stage and will need a few weeks of soak testing.

We know these two plugins are essential to make barnyard2 worth testing, so we look forward to any feedback. This may be just the time to finally upgrade to Snort 2.8+ and experiment with the unified2 file format.

Introducing the barnyard2 project…

Friday, May 9th, 2008

We wouldn’t say that this is a barnyard revival, as we don’t believe it ever went away. However, with the new unified2 file format of the latest Snort releases, which offers far better extensibility, we found it necessary to ensure barnyard comes along for the ride and can continue to be used as an essential interpreter for Snort output files.

It’s still very much in the alpha stage: it parses only the new unified2 file format and outputs through two included output plugins, spo_alert_fast and spo_log_ascii, which should be very familiar to the regular Snort user.
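To show what barnyard2 has to interpret, here is an added example of reading a unified2 file in Python; it is illustrative code, not barnyard2's own. It walks the record headers, decodes the legacy IDS event record (type 7), stops cleanly at the partial record a still-open Snort log normally ends in, and renders each event as an spo_alert_fast-style line. The record type constants and struct layouts are taken from Snort's unified2 definitions (all fields big-endian), not from this page; the sample record and the truncated tail are constructed for the demo, and the message and classification lookups barnyard2 does through sid-msg.map and classification.config are omitted, so the numeric ids are printed instead.

```python
"""Minimal unified2 reader, added here as an illustration (not barnyard2's
own code).  Record layouts follow the Snort unified2 definitions: a record
header of two big-endian uint32 (type, body length) followed by the body.
The sample input at the bottom is constructed for the demo."""
import socket
import struct
import time

UNIFIED2_PACKET = 2      # raw packet that triggered an event
UNIFIED2_IDS_EVENT = 7   # legacy IPv4 event record, 52-byte body

HEADER = struct.Struct("!II")                    # type, length (of body)
IDS_EVENT = struct.Struct("!IIIIIIIIIIIHHBBBB")  # Unified2IDSEvent_legacy
IDS_EVENT_FIELDS = (
    "sensor_id", "event_id", "event_second", "event_microsecond",
    "signature_id", "generator_id", "signature_revision",
    "classification_id", "priority_id", "ip_source", "ip_destination",
    "sport_itype", "dport_icode", "protocol", "impact_flag", "impact",
    "blocked",
)
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def read_records(data):
    """Yield (record_type, body) for each complete record in `data`.

    A unified2 file that Snort is still writing normally ends in a partial
    record, so a truncated tail is treated as "wait for more", not an error.
    """
    off = 0
    while off + HEADER.size <= len(data):
        rtype, length = HEADER.unpack_from(data, off)
        off += HEADER.size
        if off + length > len(data):
            break                      # partial record at the tail
        yield rtype, data[off:off + length]
        off += length


def parse_ids_event(body):
    """Decode a type-7 body into a dict, adding dotted-quad src/dst."""
    if len(body) < IDS_EVENT.size:
        raise ValueError("short IDS event record (%d bytes)" % len(body))
    ev = dict(zip(IDS_EVENT_FIELDS, IDS_EVENT.unpack_from(body)))
    ev["src"] = socket.inet_ntoa(struct.pack("!I", ev["ip_source"]))
    ev["dst"] = socket.inet_ntoa(struct.pack("!I", ev["ip_destination"]))
    return ev


def alert_fast(ev):
    """Render one event as an spo_alert_fast-style single line.

    barnyard2 resolves [gid:sid:rev] to a message via sid-msg.map and the
    classification id via classification.config; that lookup is omitted
    here, so the numeric ids are printed instead.
    """
    ts = time.strftime("%m/%d-%H:%M:%S", time.gmtime(ev["event_second"]))
    proto = PROTO_NAMES.get(ev["protocol"], "PROTO:%d" % ev["protocol"])
    return ("%s.%06d  [**] [%d:%d:%d] [**] [Classification: %d] "
            "[Priority: %d] {%s} %s:%d -> %s:%d" % (
                ts, ev["event_microsecond"], ev["generator_id"],
                ev["signature_id"], ev["signature_revision"],
                ev["classification_id"], ev["priority_id"], proto,
                ev["src"], ev["sport_itype"], ev["dst"], ev["dport_icode"]))


def render_all(data):
    """Run the reader over `data` and return one output line per record."""
    lines = []
    for rtype, body in read_records(data):
        if rtype == UNIFIED2_IDS_EVENT:
            lines.append(alert_fast(parse_ids_event(body)))
        else:
            lines.append("# skipped record type %d (%d bytes)" % (rtype, len(body)))
    return lines


# --- constructed sample input (not a real capture) -----------------------
def _ip(dotted):
    return struct.unpack("!I", socket.inet_aton(dotted))[0]


def build_ids_event(**fields):
    """Encode one IDS event record, header included, from keyword fields."""
    body = IDS_EVENT.pack(*[fields.get(name, 0) for name in IDS_EVENT_FIELDS])
    return HEADER.pack(UNIFIED2_IDS_EVENT, len(body)) + body


SAMPLE = build_ids_event(
    event_id=1, event_second=1212192000, event_microsecond=123456,  # 2008-05-31 00:00:00 UTC
    signature_id=1000001, generator_id=1, signature_revision=2,
    classification_id=3, priority_id=2,
    ip_source=_ip("192.0.2.10"), ip_destination=_ip("198.51.100.20"),
    sport_itype=40000, dport_icode=80, protocol=6,
)
# A second event record cut off after 10 body bytes, as a live file looks.
TRUNCATED_FILE = SAMPLE + HEADER.pack(UNIFIED2_IDS_EVENT, IDS_EVENT.size) + b"\x00" * 10

if __name__ == "__main__":
    for line in render_all(TRUNCATED_FILE):
        print(line)
```

Running it prints a single line for the complete event and silently holds back the truncated second record, which is the behaviour a spooler tailing a live unified2 file needs: it must remember its offset and retry rather than treat the short read as corruption. Packet records (type 2) carry the raw packet with its own header and are what spo_log_ascii dumps; they are skipped here.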

So please download, use, abuse, check out our project page and let us know where we’re going wrong ;)