Attention Barnyard2 Users for Snort or Suricata! Please read this notice!

  • Attention users of Barnyard2 with either the Snort or Suricata packages! Please read the information below.

    WHAT: Barnyard2 is slated to be removed from both the Snort and Suricata packages.

    WHEN: By the end of July 2020. You need to find a replacement for Barnyard2 by then if you are currently using that as a logging export method for Snort or Suricata.

    ACTION REQUIRED: Migrate any Barnyard2 logging you are currently utilizing to another log export platform such as syslog or an ELK stack or its equivalent.

    WHY: Barnyard2 is no longer actively maintained in FreeBSD ports. In fact, it has not had any material updates to its codebase in several years. As a result, the code now suffers from a number of functionality issues related to its dependency on older versions of some libraries. Of particular concern to me on pfSense is the dependency on the MySQL 5.7 database client. That library is deprecated and has several unpatched security vulnerabilities. Because that version is EOL, those vulnerabilities will never be patched.

    So it is now time to officially retire the Barnyard2 package from both Snort and Suricata. The upstream Suricata team has already announced that starting in version 6.0 Suricata will no longer create the Unified2 binary log file format required by Barnyard2. This means that once Suricata 6.0 is released, Barnyard2 will no longer have a log file to digest from Suricata.

    For your remote log exporting, you should consider moving to some type of syslog export scheme for Snort logs, and for Suricata I recommend a system that can export and receive EVE JSON logs.

Log in to reply