Important Notice for Suricata and Barnyard2 Users! Barnyard2 will be removed this year.
Last edited by bmeeks
Attention Suricata package users who also use the Barnyard2 logging option!
The upstream Suricata development team is deprecating the option for Unified2 binary logging. That feature is scheduled to be removed by the middle of this year (2020). Adding fuel to that flame, Barnyard2 is essentially unsupported in FreeBSD ports now. There have been no material code updates to the port for several years now, and it is currently dependent on an extremely old version of the MySQL package that has a number of unpatched security vulnerabilities.
In light of all this, I will be removing the Barnyard2 tab and all of its associated features from the pfSense Suricata package this year. Current target date is to have Barnyard2 removed no later than the end of May 2020. If it turns out there are just a handful of Barnyard2 users and there is minimal impact from removing Barnyard2 earlier than May 2020, then I will remove it earlier.
Please speak up if this presents an insurmountable problem for you. The upstream Suricata team has adopted EVE JSON logging as their preferred and supported format. So you need to start now finding a suitable EVE-based replacement for what you may be doing with Barnyard2 in the Suricata package.