debian, suricata, snorby, barnyard, ruby 2.x, apache

Tips you may find useful after a dist-upgrade to debian 8 jessie.

Since I came from debian 7 wheezy and did the upgrade to debian 8, I had problems with snorby. Here’s the fix.

Some days ago I made the decision to upgrade from debian 7 wheezy to debian 8 jessie (apt-get dist-upgrade).
Before you do, please read the release notes carefully!



Debian 8, codename jessie, offers a version of suricata that is very near the current official version. As a consequence of this I have removed the older version of suricata and afterwards I installed the current version of suricata. You can use apt or a package manager.

settings files

Please make sure that you keep the settings files of suricata and barnyard2 in the right place – don’t touch them! [or use a backup]

snorby and ruby

At this step I got problems. Debian 8 jessie has ruby version 2.x but snorby still needs and wants version 1.9.x.

Terminal output:

You may want or you may need older versions of ruby but I have no other ruby applications running on my system. This way I removed all the old [wheezy] versions of ruby 1.8.1, 1.9.x while checking files and folders – cleaned up.

My system now has debian 8 jessie and ruby 2.1.5 but again, snorby won’t start.

What to do to get snorby and ruby 2.x running?

Solution: here’s the hack that I’ve found.

1) Comment out the check for ruby version

in –> snorby/config/application.rb

or, that’s what I did, change the version number for checking:

Read more:!topic/snorby/n3gKBCzPyyA

2) Edit lib/snorby/payload.rb

Surprisingly, when you try to run snorby, another error appears like this:

I’ve commented and replaced the lines with those below

read more:

Please keep in mind that this hack concerns some files from the snorby git repository!
Try using branches or whatever else.

