beave / meer

Meer (GPLv2) is a dedicated "spooler" for the Suricata & Sagan EVE output formats.

Option to disable appending interface to hostname. #11

Open CyberTaoFlow opened 5 years ago

CyberTaoFlow commented 5 years ago

Noticed the note in the source about barnyard wanting the hostname with the interface, like hostname:if#.

I have not experienced this problem, however, even when using your awesome fork of by2 with a command line like:

/usr/local/bin/barnyard2 -D -c /etc/sensor/rules/the.conf -d /var/log/snort/internal/ -S /etc/sensor/rules/sid-msg.map -f snort-unified.log -w /var/log/snort/internal/barnyard.book -i eth2 --pid-path /tmp/barnyard

In any case, when testing meer and discovering the different sensor naming convention in the DB, it led an associate and me to code a workaround.

https://github.com/eventhorizon5/meer/commit/d18f3759cd36d2e8d4e23e9a6df52e73233a51a7

I would submit a pull, but my associate owns that account and he is no longer with the company, so if the commit above seems sane to you, would you be OK with merging in the functionality?

Just want to avoid custom builds if possible and also allow switching to meer as a drop-in replacement (no need to register a new sensor in the table).

I can also fork and then request a pull if that is what you would prefer.
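The naming difference discussed in this issue, as an added example in C that is not Meer's own code and not the linked commit: a sensor-name builder with a hypothetical `append_iface` option, producing either the `hostname:if#` form noted in the source or the bare hostname, and refusing to return a truncated name (a truncated name would quietly register as a new sensor in the table). The function and option names are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical builder for the name Meer looks up or registers in the
 * sensor table. append_iface != 0 gives "hostname:iface" (barnyard2
 * style per the note in the source); 0 gives the bare hostname.
 * Returns 0 on success, -1 on bad input or if the name does not fit.
 * On failure buf is emptied so no partial name can be used. */
int meer_sensor_name(char *buf, size_t size, const char *hostname,
                     const char *iface, int append_iface)
{
    int n;

    if (buf == NULL || size == 0 || hostname == NULL || *hostname == '\0')
        return -1;

    if (append_iface && iface != NULL && *iface != '\0')
        n = snprintf(buf, size, "%s:%s", hostname, iface);
    else
        n = snprintf(buf, size, "%s", hostname);

    if (n < 0 || (size_t)n >= size) {   /* truncated or encoding error */
        buf[0] = '\0';
        return -1;
    }
    return 0;
}

/* Check helper: does the built name match what is already registered
 * in the sensor table? 1 = match (reuse the row), 0 = no match. */
int sensor_name_matches(const char *hostname, const char *iface,
                        int append_iface, const char *registered)
{
    char name[64];

    if (meer_sensor_name(name, sizeof name, hostname, iface, append_iface))
        return 0;
    return strcmp(name, registered) == 0;
}

int main(void)
{
    /* constructed values: a sensor row registered as "sensor01" */
    printf("append on : match=%d\n",
           sensor_name_matches("sensor01", "eth2", 1, "sensor01"));
    printf("append off: match=%d\n",
           sensor_name_matches("sensor01", "eth2", 0, "sensor01"));
    return 0;
}
```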

beave commented 5 years ago

This seems like a good idea to me. Let me look it over and if it looks good I'll merge. Even if I don't like it, I think it would be worth the time to code it. Doesn't seem like it would be a hard change so I'll probably just merge it.

Thank you! I really appreciate it!