The latest releases of YAF 2.x are listed below.

See also pre-releases of YAF 3.x and all YAF releases.

YAF Binary Package

On a Red Hat, Fedora, or RPM-based host, the easiest way to install YAF is using the CERT Linux Forensics Tools Repository.

Follow their instructions to add the Tools Repository to the locations your system searches for packages, then use yum to find the YAF package; yum will install its dependencies.

Another approach is to download the YAF package from their site and install YAF and its dependencies manually.

YAF Release 2.14.0, 2023-Mar-23

Downloads

(SHA256=cf9e40428690387de7db78e27981c47b72664e4129a6b348ed19ea831f2ee019)

Changelog

  • Changed DNS deep packet inspection to produce names and text records with escape codes for special characters (non-ASCII, non-printable, special whitespace, and label-internal dots in names).
  • Made DNS deep packet inspection more strict about parsing malformed DNS Resource Records across RR boundaries within the packet.
  • Changed destination of --version output to the standard output.
  • Fixed a crash in YAF that occurs when it is built with GLib 2.75.3 or newer.

YAF Release 2.13.0, 2023-Feb-9

Downloads

(SHA256=a4c0a7cec4b3e78cde7a9bcd051e3e6bcb88c671494745ac506f1843756a61a3)

Changelog

  • Added ability for yaf to limit payload export to a named set of applabels.
  • Increased the maximum payload that YAF may capture for performing DPI.
  • Added support for recent releases of nDPI.
  • Added yaf.init to the list of installed files.
  • Stopped export of full flow template that is never used for data records.
  • Fixed minor bug in --version where Compact IPv4 support always reported NO.
  • Fixed bugs in regular expressions for nntpResponseRegex and smtpURLRegex.

YAF Release 2.12.2, 2021-Oct-14

Downloads

(SHA256=0f3634887b68c695c80472ed17f3a2ebfbf86f841d23a2d48534afc8b637afcb)

Changelog

  • Added new protocols to the yafAppLabelRules.conf file and updated several regular expressions.
  • Changed the regexes used by the SMTP DPI plugin and improved capture when multiple messages appear in a single SMTP session.
  • Fixed a crash in the SMTP DPI plugin when reading uniflow records.
  • Updated the POP3 DPI plugin.
  • Updated yafzcbalance to be compatible with PF_Ring-8.

YAF Release 2.12.1, 2020-Dec-22

Downloads

(SHA256=53bbdfddd4d6f59ac0d866fdb20e59653cc7f8541b44044bbb1ec1f981e21e27)

Changelog

  • Changed the templates and IEs used for SMTP DPI. The new templates use different IDs than those used by previous releases of YAF. super_mediator-1.8.0 or later is required to read this format. Currently there is no version of Analysis Pipeline that reads the SMTP DPI.
  • First public release of YAF 2.12.x.