[Snort-users] Barnyard2 and Snortsam for

Ian snort_list at ...16912...
Mon Dec 15 07:45:42 EST 2014

On 12/12/2014 16:28, Shirkdog wrote:
> Good ole' SnortSam. It was a great way to create custom actions and
> update your firewall config once a specific alert triggered.
> With DAQ and the ability to block in an IPS fashion, I am not sure if
> anyone is still using it.
> ---
> Michael Shirk


We use snortsam extensively here.  Its useful to send out blocks to
other networks that have not yet seen attacks.

We run it as a daemon though, not compiled into snort.



> On Fri, Dec 12, 2014 at 10:53 AM, Sec_Aficionado
> <secaficionado at ...11827...> wrote:
>> Hello there,
>> I was looking through Barnyard2's barnyard2.conf file and noticed the section under
>> # alert fw_sam: allow blocking of IP's through remote services
>> However, I can't find a Snortsam version for snort later than
>> Does anyone here know if the project changed name or moved somewhere else for newer snort versions?
>> As usual, thanks in advance!
>> Sent from my mobile
>> Any weird stuff in the message above is autocorrect's fault
>> ------------------------------------------------------------------------------

More information about the Snort-users mailing list