firnsy / barnyard2

Barnyard2 is a dedicated spooler for Snort's unified2 binary output format.
GNU General Public License v2.0

ERROR => [Alert_FWsam] Could not renegotiate key! Ignoring host . #224

Open hostingnuggets opened 6 years ago

hostingnuggets commented 6 years ago

Hi,

I have configured Barnyard2 (v2.1.13) to communicate using FWsam with my OpenBSD 6.1 firewall in order to automatically block traffic generated by a few specific signatures. Unfortunately I see the following error message in the SnortSam log file on my firewall:

2017/07/26, 17:16:57, 192.168.1.222, 1, snortsam, Snort station 192.168.1.222 using wrong password, trying to re-sync.

My passwords should be correct as I have the following config in my Barnyard2 config file:

output alert_fwsam: 192.168.1.1:898/mysuperpassword

and the following line in my SnortSam config file on the firewall:

accept 192.168.1.222, mysuperpassword

In the Barnyard2 log file I see the following relevant info/errors:

...
INFO => [Alert_FWsam] Had to use initial key!
INFO => [Alert_FWsam](FWsamCheckIn) Connected to host .
INFO => [Alert_FWsam] Had to use initial key!
ERROR => [Alert_FWsam] Could not renegotiate key! Ignoring host .

So the password should be correct. Any clue what might be going wrong here?

Thanks!

hostingnuggets commented 6 years ago

I gave it a try again with OpenBSD 6.3 but I still have exactly the same issue... Does anyone have a clue?