OpSyslog_Alert(): Invoked with Packet[0x3c89000] Event[0x0] Event Type [0] Context pointer[0x3c96700]

hkjarral

Barnyard stopped working after enabling Public IP REP list on snort interface.

barnyard2 -V

______ -> Barnyard2 <-
/ ,,_ \ Version 2.1.13 (Build 327) IPv6
|o" )~| By Ian Firns (SecurixLive): http://www.securixlive.com/

• '''' + (C) Copyright 2008-2013 Ian Firns firnsy@securixlive.com

This is the error message in log

barnyard2 OpSyslog_Alert(): Invoked with Packet[0x3c89000] Event[0x0] Event Type [0] Context pointer[0x3c96700]

System pfSense

BIOS Vendor: Dell Inc.
Version: A09
Release Date: Thu Jan 31 2013
Version 2.4.3-RELEASE-p1 (amd64)
built on Thu May 10 15:02:52 CDT 2018
FreeBSD 11.1-RELEASE-p10

The system is on the latest version.
Version information updated at Thu Sep 20 20:18:42 MST 2018
CPU Type Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
4 CPUs: 1 package(s) x 4 core(s)
AES-NI CPU Crypto: Yes (inactive)

cat /usr/local/etc/snort/snort_38898_igb3/barnyard2.conf

barnyard2.conf

barnyard2 can be found at http://www.securixlive.com/barnyard2/index.php

General Barnyard2 settings

config quiet
config daemon
config decode_data_link
config alert_with_interface_name
config event_cache_size: 8192
config show_year
config archivedir: /var/log/snort/snort_igb338898/barnyard2/archive
config reference_file: /usr/local/etc/snort/snort_38898_igb3/reference.config
config classification_file: /usr/local/etc/snort/snort_38898_igb3/classification.config
config sid_file: /usr/local/etc/snort/snort_38898_igb3/sid-msg.map
config gen_file: /usr/local/etc/snort/snort_38898_igb3/gen-msg.map
config hostname: firewall.cybridllc.com
config interface: igb3
config waldo_file: /var/log/snort/snort_igb338898/barnyard2/38898_igb3.waldo
config logdir: /var/log/snort/snort_igb338898

START user pass through

END user pass through

Setup input plugins

input unified2

Setup output plugins

syslog_full: log to a remote syslog receiver

output log_syslog_full: sensor_name snort, server 192.168.1.241, protocol udp, port 5514, operation_mode default, payload_encoding hex, log_facility LOG_LOCAL0, log_priority LOG_INFO

hkjarral

It started to work after I turned snort off for few hours. I dont know reason just for anyone out there who saw the issue.