Interpreter for Snort unified2 binary output files
Maintained by: pauls@utdallas.edu
Port Added: 15 May 2011 17:10:52
License: GPLv2
Barnyard is a critical tool for the parsing of Snort's unified binary files,
processing and on-forwarding to a variety of output plugins. Unfortunately
it has not seen an update in over 4 years and is not going to be maintained
by the original developers. With the new version of the unified format
(i.e. unified2) arriving we need something to bridge this gap.
The SXL team love barnyard. So much so that we want it to stay and have been
tinkering around with the code to give it a breath of new life. Here is what
we have achieved so far for this reinvigorated code base:
* Parsing of the new unified2 log files.
* Maintaining the majority of the command syntax of barnyard.
* Addressed all associated bug reports and feature requests arising since
barnyard-0.2.0.
* Completely rewritten code based on the GPLv2 Snort making it entirely
GPLv2.
This is an effort to fuse the awesome work of Snort and the original concept
of barnyard giving it a fresh update along the way. We've come a long way so
far and have a very stable build that we've integrated into our NSMnow
framework. If you have any feature requests, bugs or gripes then send them
our way.
WWW: http://www.securixlive.com/barnyard2/
To install the port: cd /usr/ports/security/barnyard2-sguil/ && make install clean
To add the package: pkg_add -r barnyard2-sguil
Configuration Options
===> The following configuration options are available for barnyard2-sguil-1.12:
64BIT=off: Enable 64bit compilation (experimental)
ARUBA=off: Enable aruba support
BRO=off: Enable bro support (libbroccoli)
GRE=off: Enable gre support
IPV6=on: IPv6 protocol support
MPLS=off: MPLS support
MYSQL=off: MySQL database support
MYSQL_SSL=off: Enable mysql ssl support (experimental)
ODBC=off: ODBC backend
PRELUDE=off: Enable prelude support
PGSQL=off: PostgreSQL database support
TCL=on: Tcl scripting language support
===> Use 'make config' to modify these settings
- Update to 1.10
- Convert to new options framework
- Allow for any available version of TCL to be used
- Add LICENSE
- Remove indefinite article from COMMENT, update
- Mark MAKE_JOBS_SAFE
- Trim Makefile header
PR: ports/172456
Submitted by: Paul Schmehl <pauls@utdallas.edu> (maintainer)
Approved by: makc (mentor)
Feature safe: yes
- add patch to barnyard2 to allow build with postgresql and tcl
(reported and fixed upstream)
- display option TCL only for Master port, it makes no sense if
the slave can de-select a required option
- remove broken barnyard-sguil (master port was removed 2011-04-04)
- add new port barnyard2-sguil [1]
- add entry to MOVED
PR: ports/156188 [1]
Submitted by: me
Approved by: maintainer timeout