So I have this problem with barnyard2 not telling anything to snortsam. I enabled the debug output and all I get is this:
Jul 11 14:28:13 by2 barnyard2[717]: DEBUG => Alert_FWsam Using alternative file: /etc/snort/sid-fwsam.map
Jul 11 14:28:13 by2 barnyard2[717]: INFO => Alert_FWsam Connected to host .
Snort with the snortsam patch works just fine, but because we want to upgrade to the latest snort and the snortsam patch for 2.9.2.0 needs a lot of changes, we thought we'd rather move to BY2, but now we have this issue.
I see in the code that:
LogMessage("INFO => Alert_FWsam Connected to host %s.\n",sfip_ntoa(&station->stationip));
In our case sfip_ntoa(&station->stationip) seems to return an empty string (not "null" though).
In the /etc/snort/barnyard2.conf file I have this:
output alert_fwsam: 127.0.0.1:898/fwsampass
...and I have the same line for the snort with the snortsam patch, and that is working just fine.
What am I doing wrong with by2?