OpSyslog_Alert(): Invoked with Packet[0x3c89000] Event[0x0] Event Type [0] Context pointer[0x3c96700]



  • Barnyard stopped working after enabling Public IP REP list on snort interface.

    barnyard2 -V

    ______ -> Barnyard2 <-
    / ,,_ \ Version 2.1.13 (Build 327) IPv6
    |o" )~| By Ian Firns (SecurixLive): http://www.securixlive.com/

    This is the error message in log

    barnyard2 OpSyslog_Alert(): Invoked with Packet[0x3c89000] Event[0x0] Event Type [0] Context pointer[0x3c96700]

    System pfSense

    BIOS Vendor: Dell Inc.
    Version: A09
    Release Date: Thu Jan 31 2013
    Version 2.4.3-RELEASE-p1 (amd64)
    built on Thu May 10 15:02:52 CDT 2018
    FreeBSD 11.1-RELEASE-p10

    The system is on the latest version.
    Version information updated at Thu Sep 20 20:18:42 MST 2018
    CPU Type Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
    4 CPUs: 1 package(s) x 4 core(s)
    AES-NI CPU Crypto: Yes (inactive)

    cat /usr/local/etc/snort/snort_38898_igb3/barnyard2.conf

    # barnyard2.conf

    # barnyard2 can be found at http://www.securixlive.com/barnyard2/index.php

    # General Barnyard2 settings

    config quiet
    config daemon
    config decode_data_link
    config alert_with_interface_name
    config event_cache_size: 8192
    config show_year
    config archivedir: /var/log/snort/snort_igb338898/barnyard2/archive
    config reference_file: /usr/local/etc/snort/snort_38898_igb3/reference.config
    config classification_file: /usr/local/etc/snort/snort_38898_igb3/classification.config
    config sid_file: /usr/local/etc/snort/snort_38898_igb3/sid-msg.map
    config gen_file: /usr/local/etc/snort/snort_38898_igb3/gen-msg.map
    config hostname: firewall.cybridllc.com
    config interface: igb3
    config waldo_file: /var/log/snort/snort_igb338898/barnyard2/38898_igb3.waldo
    config logdir: /var/log/snort/snort_igb338898

    # START user pass through

    # END user pass through

    # Setup input plugins

    input unified2

    # Setup output plugins

    # syslog_full: log to a remote syslog receiver

    output log_syslog_full: sensor_name snort, server 192.168.1.241, protocol udp, port 5514, operation_mode default, payload_encoding hex, log_facility LOG_LOCAL0, log_priority LOG_INFO



  • It started to work after I turned snort off for a few hours. I don't know the reason, just for anyone out there who saw the issue.

