Barnyard is a critical tool for parsing Snort's unified binary files, processing them and forwarding them on to a variety of output plugins. Unfortunately, it has not seen an update in over 4 years and is not going to be maintained by the original developers. With the new unified v2 format arriving, we need something to bridge this gap.
To quote directly from the Snort FAQ:
"Barnyard is an output system for Snort. Snort creates a special binary output format called unified. Barnyard reads this file, and then resends the data to a database backend. Unlike the database output plug-in, Barnyard is aware of a failure to send the alert to the database, and it stops sending alerts. It is also aware when the database can accept connections again and will start sending the alerts again."
The SXL team love barnyard. So much so that we want it to stay, and we have been tinkering with the code to give it a breath of new life. Here is what we have planned for this re-invigorated code base:
- Parsing of the new unified2 log files.
- Maintaining the majority of barnyard's command syntax.
- Addressing the bug reports and the majority of feature requests raised since barnyard-0.2.0.
Below is an alpha release of what we have so far: it will parse unified2 files, and there are two output plugins that allow testing of alert and log output. It is an effort to fuse the awesome work of Snort and the original barnyard while giving it a fresh update. We've still got a ways to go, but we just want to throw it out there and begin to test the waters for its potential utility. We know we'll be using it in future projects.
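To make concrete what the FAQ quote above and the unified2 parsing goal describe, here is an added Python sketch (not barnyard2's own code) of the two pieces: walking unified2 records (type/length header followed by the original 52-byte IPv4 IDS event body, record type 7, laid out as in Snort's unified2 definitions) and replaying them to an output that can fail, returning a checkpoint offset so delivery resumes where it stopped instead of dropping or duplicating alerts. The sample bytes are constructed for the demo; `send` stands in for whatever output plugin is in use.

```python
import struct
from collections import namedtuple

# Unified2 record header: record type and body length, both 32-bit big-endian.
HEADER = struct.Struct("!II")
UNIFIED2_IDS_EVENT = 7  # original IPv4 IDS event record type
# Body of that record, field by field, in the order Snort writes it (52 bytes).
EVENT = struct.Struct("!IIIIIIIIIIIHHBBBB")
IdsEvent = namedtuple("IdsEvent", (
    "sensor_id event_id event_second event_microsecond signature_id generator_id "
    "signature_revision classification_id priority_id ip_source ip_destination "
    "sport_itype dport_icode protocol impact_flag impact blocked"))


def iter_records(data, start=0):
    """Yield (offset, type, body) for each complete record from `start`.
    A header or body that runs past the end of the data is left alone:
    Snort may still be writing it, so the reader stops and retries later."""
    off = start
    while off + HEADER.size <= len(data):
        rtype, length = HEADER.unpack_from(data, off)
        if off + HEADER.size + length > len(data):
            break
        yield off, rtype, data[off + HEADER.size:off + HEADER.size + length]
        off += HEADER.size + length


def forward(data, start, send):
    """Replay IDS events to `send`, which returns False while the backend is down.
    Returns the checkpoint offset of the first record not yet delivered, so a
    later call with that checkpoint resumes without loss or duplication."""
    for off, rtype, body in iter_records(data, start):
        if rtype == UNIFIED2_IDS_EVENT and not send(IdsEvent(*EVENT.unpack_from(body))):
            return off  # backend refused it: stop here, nothing is lost
        start = off + HEADER.size + len(body)
    return start


def build_event(event_id, sid, src, dst):
    """Constructed sample record for this demo (not real sensor output)."""
    body = EVENT.pack(1, event_id, 1600000000, 0, sid, 1, 1, 0, 2,
                      src, dst, 1234, 80, 6, 0, 0, 0)
    return HEADER.pack(UNIFIED2_IDS_EVENT, len(body)) + body


# Two complete events followed by a header whose body Snort has not written yet.
SAMPLE = (build_event(1, 1000001, 0x0A000001, 0x0A000002) +
          build_event(2, 1000002, 0x0A000003, 0x0A000002) +
          HEADER.pack(UNIFIED2_IDS_EVENT, EVENT.size))
```

Calling `forward(SAMPLE, 0, send)` with a `send` that fails on the second event returns 60, and `forward(SAMPLE, 60, send)` later delivers only that event once the backend accepts connections again.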
Just remember it's alpha, only tested on my system so far, so I expect lots of feedback to get this working towards something stable :)
Regards, Firnsy.