Netgate Discussion Forum

    Barnyard2 OpSyslog_Alert(): Invoked with Packet[0x2f8bc00]…

    pfSense Packages
    • highlandpeak

      Hello all, I've been getting the following log entries starting with the snapshots and continuing on with the latest release:

      Feb 9 08:52:35	barnyard2[10962]: OpSyslog_Alert(): Invoked with Packet[0x2f8bc00] Event[0x0] Event Type [0] Context pointer[0x2f27000]
      Feb 9 08:52:35	barnyard2[10962]: OpSyslog_Alert(): Invoked with Packet[0x2f8bc00] Event[0x0] Event Type [0] Context pointer[0x2f27000]
      Feb 9 08:52:35	barnyard2[10962]: OpSyslog_Alert(): Invoked with Packet[0x2f8bc00] Event[0x0] Event Type [0] Context pointer[0x2f27000]
      Feb 9 08:52:35	barnyard2[10962]: OpSyslog_Alert(): Invoked with Packet[0x2f8bc00] Event[0x0] Event Type [0] Context pointer[0x2f27000]
      Feb 9 08:52:35	barnyard2[10962]: OpSyslog_Alert(): Invoked with Packet[0x2f8bc00] Event[0x0] Event Type [0] Context pointer[0x2f27000]
      Feb 9 08:52:35	barnyard2[10962]: OpSyslog_Alert(): Invoked with Packet[0x2f8bc00] Event[0x0] Event Type [0] Context pointer[0x2f27000]
      Feb 9 08:52:35	barnyard2[10962]: OpSyslog_Alert(): Invoked with Packet[0x2f8bc00] Event[0x0] Event Type [0] Context pointer[0x2f27000]
      Feb 9 08:52:35	barnyard2[10962]: OpSyslog_Alert(): Invoked with Packet[0x2f8bc00] Event[0x0] Event Type [0] Context pointer[0x2f27000]
      Feb 9 08:52:35	barnyard2[10962]: OpSyslog_Alert(): Invoked with Packet[0x2f8bc00] Event[0x0] Event Type [0] Context pointer[0x2f27000]
      Feb 9 08:52:35	barnyard2[10962]: OpSyslog_Alert(): Invoked with Packet[0x2f8bc00] Event[0x0] Event Type [0] Context pointer[0x2f27000]
      Feb 9 08:52:35	barnyard2[10962]: OpSyslog_Alert(): Invoked with Packet[0x2f8bc00] Event[0x0] Event Type [0] Context pointer[0x2f27000]
      Feb 9 08:52:35	barnyard2[10962]: OpSyslog_Alert(): Invoked with Packet[0x2f8bc00] Event[0x0] Event Type [0] Context pointer[0x2f27000]
      Feb 9 08:52:35	barnyard2[10962]: OpSyslog_Alert(): Invoked with Packet[0x2f8bc00] Event[0x0] Event Type [0] Context pointer[0x2f27000]
      Feb 9 08:52:35	barnyard2[10962]: OpSyslog_Alert(): Invoked with Packet[0x2f8bc00] Event[0x0] Event Type [0] Context pointer[0x2f27000]
      Feb 9 08:52:35	barnyard2[10962]: OpSyslog_Alert(): Invoked with Packet[0x2f8bc00] Event[0x0] Event Type [0] Context pointer[0x2f27000]
      Feb 9 08:52:35	barnyard2[10962]: OpSyslog_Alert(): Invoked with Packet[0x2f8bc00] Event[0x0] Event Type [0] Context pointer[0x2f27000]
      Feb 9 08:52:35	barnyard2[10962]: OpSyslog_Alert(): Invoked with Packet[0x2f8bc00] Event[0x0] Event Type [0] Context pointer[0x2f27000]
      Feb 9 08:52:35	barnyard2[10962]: OpSyslog_Alert(): Invoked with Packet[0x2f8bc00] Event[0x0] Event Type [0] Context pointer[0x2f27000]
      Feb 9 08:52:35	barnyard2[10962]: OpSyslog_Alert(): Invoked with Packet[0x2f8bc00] Event[0x0] Event Type [0] Context pointer[0x2f27000]
      Feb 9 08:52:35	barnyard2[10962]: OpSyslog_Alert(): Invoked with Packet[0x2f8bc00] Event[0x0] Event Type [0] Context pointer[0x2f27000]
      Feb 9 08:52:35	barnyard2[10962]: OpSyslog_Alert(): Invoked with Packet[0x2f8bc00] Event[0x0] Event Type [0] Context pointer[0x2f27000]
      
      

      Can anybody tell me what this means? I've searched but found nothing appropriate.

      The entries are usually either singular or in groups of two or three.

      Using Snort and pfBlockerNG.

      Running:
      2.2-RELEASE (amd64)
      built on Thu Jan 22 14:03:54 CST 2015
      FreeBSD 10.1-RELEASE-p4

      Thanks,

      Bruce

      • BBcan177 Moderator

        Hi Bruce, I don't use Barnyard, but you can see some details here. Not sure if it's related? You can also search the Barnyard Google group for any other threads…

        https://groups.google.com/forum/#!topic/barnyard2-users/0g6TU4zUunU

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

        • highlandpeak

          I was able to find that in searching but it seemed to relate to IPv6 and/or VLAN/MPLS with type 105 and 104. My logs refer to type 0 and I don't have VLAN or MPLS configured.

          Do you suppose that the log entries are informational only - relating to my configuration or maybe from current limitations of Snort/barnyard, as opposed to some failure and thus a security breach?

          Bruce

          • bmeeks

            @highlandpeak:

            I was able to find that in searching but it seemed to relate to IPv6 and/or VLAN/MPLS with type 105 and 104. My logs refer to type 0 and I don't have VLAN or MPLS configured.

            Do you suppose that the log entries are informational only - relating to my configuration or maybe from current limitations of Snort/barnyard, as opposed to some failure and thus a security breach?

            Bruce

            I use Barnyard2 logging (to Snorby) and I have not seen any errors like that.  It might be something related to IPv6 alerts, but that's just a guess.

            To be honest I am becoming less enthused about Barnyard2 as time goes on.  It seems to have some database concurrency issues, and on my box at least it runs the CPU to 75% and holds it there for about 15 minutes following each Barnyard2 restart while it does some sort of indexing/re-indexing of rule references to SIDs using the sid-msg.map files.

            The update cycle for Barnyard2 also seems a bit slow from what I can tell.  I am working on a Logstash Forwarder package for pfSense (mainly to go with Suricata's EVE JSON logging).  This looks to be a much better solution for exporting IDS logs to another box for analysis.  Maybe it can be adapted for Snort on pfSense.

            Bill

            • floz

              Maybe it is related to this issue I'm having: https://forum.pfsense.org/index.php?topic=88831.0

              Both have Event[0x0] Event Type [0] at the heart . . . . . ??

              • brandur

                Hi
                I'm sorry for digging this old thread up again. But I am pretty sure that I'm having similar issues.
                As you can see below. That is what is flooding my log.

                Aug 3 10:41:14	barnyard2	93492	OpSyslog_Alert(): Invoked with Packet[0x389dc00] Event[0x0] Event Type [0] Context pointer[0x3839000]
                Aug 3 10:36:50	barnyard2	93492	OpSyslog_Alert(): Invoked with Packet[0x389dc00] Event[0x0] Event Type [0] Context pointer[0x3839000]
                Aug 3 10:36:48	barnyard2	93492	OpSyslog_Alert(): Invoked with Packet[0x389dc00] Event[0x0] Event Type [0] Context pointer[0x3839000]
                Aug 3 10:36:48	barnyard2	93492	OpSyslog_Alert(): Invoked with Packet[0x389dc00] Event[0x0] Event Type [0] Context pointer[0x3839000]
                Aug 3 10:36:04	barnyard2	93492	OpSyslog_Alert(): Invoked with Packet[0x389dc00] Event[0x0] Event Type [0] Context pointer[0x3839000]
                Aug 3 10:36:01	barnyard2	93492	OpSyslog_Alert(): Invoked with Packet[0x389dc00] Event[0x0] Event Type [0] Context pointer[0x3839000]
                Aug 3 10:36:01	barnyard2	93492	OpSyslog_Alert(): Invoked with Packet[0x389dc00] Event[0x0] Event Type [0] Context pointer[0x3839000]
                Aug 3 10:30:16	barnyard2	93492	OpSyslog_Alert(): Invoked with Packet[0x389dc00] Event[0x0] Event Type [0] Context pointer[0x3839000]
                Aug 3 10:30:16	barnyard2	93492	OpSyslog_Alert(): Invoked with Packet[0x389dc00] Event[0x0] Event Type [0] Context pointer[0x3839000]
                Aug 3 10:30:09	barnyard2	93492	OpSyslog_Alert(): Invoked with Packet[0x389dc00] Event[0x0] Event Type [0] Context pointer[0x3839000]
                Aug 3 10:29:26	barnyard2	93492	OpSyslog_Alert(): Invoked with Packet[0x389dc00] Event[0x0] Event Type [0] Context pointer[0x3839000]
                Aug 3 10:29:26	barnyard2	93492	OpSyslog_Alert(): Invoked with Packet[0x389dc00] Event[0x0] Event Type [0] Context pointer[0x3839000]
                Aug 3 10:29:26	barnyard2	93492	OpSyslog_Alert(): Invoked with Packet[0x389dc00] Event[0x0] Event Type [0] Context pointer[0x3839000]
                Aug 3 10:29:04	barnyard2	93492	OpSyslog_Alert(): Invoked with Packet[0x389dc00] Event[0x0] Event Type [0] Context pointer[0x3839000]
                Aug 3 10:29:04	barnyard2	93492	OpSyslog_Alert(): Invoked with Packet[0x389dc00] Event[0x0] Event Type [0] Context pointer[0x3839000]
                Aug 3 10:28:29	barnyard2	93492	OpSyslog_Alert(): Invoked with Packet[0x389dc00] Event[0x0] Event Type [0] Context pointer[0x3839000]
                Aug 3 10:28:26	barnyard2	93492	OpSyslog_Alert(): Invoked with Packet[0x389dc00] Event[0x0] Event Type [0] Context pointer[0x3839000]
                Aug 3 10:27:03	barnyard2	93492	OpSyslog_Alert(): Invoked with Packet[0x389dc00] Event[0x0] Event Type [0] Context pointer[0x3839000]
                Aug 3 10:25:29	barnyard2	93492	OpSyslog_Alert(): Invoked with Packet[0x389dc00] Event[0x0] Event Type [0] Context pointer[0x3839000]
                Aug 3 10:25:29	barnyard2	93492	OpSyslog_Alert(): Invoked with Packet[0x389dc00] Event[0x0] Event Type [0] Context pointer[0x3839000]
                Aug 3 10:25:27	barnyard2	93492	OpSyslog_Alert(): Invoked with Packet[0x389dc00] Event[0x0] Event Type [0] Context pointer[0x3839000]
                Aug 3 10:24:37	barnyard2	93492	OpSyslog_Alert(): Invoked with Packet[0x389dc00] Event[0x0] Event Type [0] Context pointer[0x3839000]
                Aug 3 10:24:32	barnyard2	93492	OpSyslog_Alert(): Invoked with Packet[0x389dc00] Event[0x0] Event Type [0] Context pointer[0x3839000]
                Aug 3 10:22:28	barnyard2	93492	OpSyslog_Alert(): Invoked with Packet[0x389dc00] Event[0x0] Event Type [0] Context pointer[0x3839000]
                Aug 3 10:21:36	barnyard2	93492	OpSyslog_Alert(): Invoked with Packet[0x389dc00] Event[0x0] Event Type [0] Context pointer[0x3839000]
                Aug 3 10:21:20	barnyard2	93492	OpSyslog_Alert(): Invoked with Packet[0x389dc00] Event[0x0] Event Type [0] Context pointer[0x3839000]
                Aug 3 10:20:12	barnyard2	93492	OpSyslog_Alert(): Invoked with Packet[0x389dc00] Event[0x0] Event Type [0] Context pointer[0x3839000]
                Aug 3 10:18:15	barnyard2	93492	OpSyslog_Alert(): Invoked with Packet[0x389dc00] Event[0x0] Event Type [0] Context pointer[0x3839000]
                Aug 3 10:17:04	barnyard2	93492	OpSyslog_Alert(): Invoked with Packet[0x389dc00] Event[0x0] Event Type [0] Context pointer[0x3839000]
                Aug 3 10:07:37	barnyard2	93492	OpSyslog_Alert(): Invoked with Packet[0x389dc00] Event[0x0] Event Type [0] Context pointer[0x3839000]
                Aug 3 10:07:37	barnyard2	93492	OpSyslog_Alert(): Invoked with Packet[0x389dc00] Event[0x0] Event Type [0] Context pointer[0x3839000]
                

                Additional info:
                SG-4860 running pfSense 2.3.2-RELEASE (amd64)

                Packages:

                iftop	net-mgmt	0.17_2	Realtime interface monitor (console/shell only).	
                Package Dependencies:
                  iftop-1.0.p4 	
                
                iperf	benchmarks	2.0.5.5_1	Iperf is a tool for testing network throughput, loss, and jitter.	
                Package Dependencies:
                  iperf-2.0.5 	
                
                nmap	security	1.4.4_1	NMap is a utility for network exploration or security auditing.
                Package Dependencies:
                  nmap-7.12 	
                
                openvpn-client-export	security	1.3.8	Allows a pre-configured OpenVPN Windows Client or Mac OS X's Viscosity configuration bundle to be exported directly from pfSense.	
                Package Dependencies:
                  zip-3.0_1 	  p7zip-15.14_1 	  openvpn-client-export-2.3.11 	
                
                pfBlockerNG	net	2.1.1_2	pfBlockerNG is the Next Generation of pfBlocker.
                Package Dependencies:
                  whois-5.1.5 	  GeoIP-1.6.9 	  lighttpd-1.4.39_1 	  grepcidr-2.0 	  aggregate-1.6_1 	
                
                snort	security	3.2.9.1_14	Snort is an open source network intrusion prevention and detection system (IDS/IPS). Combining the benefits of signature, protocol, and anomaly-based inspection.	
                Package Dependencies:
                  barnyard2-1.13 	  snort-2.9.8.3
                

                If you want any more info, just ask.

                Is this an error or just informational messages, and most importantly, can it be suppressed somehow?
                Any help is much appreciated :)

                Thank you.

                SG-4860 w/128GB SSD & 8GB RAM
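
A small triage script for the question raised in the thread: how often the entry fires per second, and whether every instance carries Event[0x0] with Event Type [0]. This is an added example, not part of any post; the function names are its own and the sample lines are constructed in the two log layouts shown above.

```python
import re
from collections import Counter

# Matches both layouts seen in the thread: "barnyard2[10962]: ..." and the
# tab-separated "barnyard2<TAB>93492<TAB>..." form of the later post.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d{2}:\d{2}:\d{2})\s+barnyard2"
    r"(?:\[(?P<pid1>\d+)\]:|\s+(?P<pid2>\d+))\s+"
    r"OpSyslog_Alert\(\): Invoked with Packet\[(?P<packet>0x[0-9a-f]+)\] "
    r"Event\[(?P<event>0x[0-9a-f]+)\] Event Type \[(?P<etype>\d+)\] "
    r"Context pointer\[(?P<ctx>0x[0-9a-f]+)\]\s*$"
)

def parse_line(line):
    """Return the fields of one OpSyslog_Alert() entry, or None if unrelated."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": m["ts"], "pid": int(m["pid1"] or m["pid2"]),
        "packet": int(m["packet"], 16), "event": int(m["event"], 16),
        "event_type": int(m["etype"]), "context": int(m["ctx"], 16),
    }

def summarize(lines):
    """Count entries, null-event entries, and how many share one timestamp."""
    records = [r for r in map(parse_line, lines) if r]
    per_second = Counter(r["ts"] for r in records)
    return {
        "total": len(records),
        "null_event": sum(1 for r in records
                          if r["event"] == 0 and r["event_type"] == 0),
        "max_burst": max(per_second.values(), default=0),
        "burst_sizes": dict(Counter(per_second.values())),  # size -> occurrences
    }

# Constructed sample: field values follow the thread, the grouping is invented.
OLD = ("Feb 9 08:52:35\tbarnyard2[10962]: OpSyslog_Alert(): Invoked with "
       "Packet[0x2f8bc00] Event[0x0] Event Type [0] Context pointer[0x2f27000]")
NEW = ("Aug 3 {}\tbarnyard2\t93492\tOpSyslog_Alert(): Invoked with "
       "Packet[0x389dc00] Event[0x0] Event Type [0] Context pointer[0x3839000]")
SAMPLE = [OLD, OLD, OLD, NEW.format("10:36:48"), NEW.format("10:36:48"),
          NEW.format("10:36:04"), "Aug 3 10:40:00\tsnort\t1234\tunrelated line"]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

If `null_event` equals `total`, every logged invocation had a null event pointer, which is the common factor floz points out.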
