[Snort-users] Barnyard2 and Snortsam for 2.9.7.0

Joel Esler (jesler) jesler at ...589...
Mon Dec 15 08:06:59 EST 2014


Afaik, you don't need to add anything to Snort anymore.  It's built into barnyard2

--
Joel Esler
Sent from my iPhone

On Dec 15, 2014, at 8:02 AM, Ian <snort_list at ...16912...<mailto:snort_list at ...16912...>> wrote:

On 12/12/2014 16:28, Shirkdog wrote:
Good ole' SnortSam. It was a great way to create custom actions and
update your firewall config once a specific alert triggered.

With DAQ and the ability to block in an IPS fashion, I am not sure if
anyone is still using it.

---
Michael Shirk

Hi,

We use snortsam extensively here.  Its useful to send out blocks to
other networks that have not yet seen attacks.

We run it as a daemon though, not compiled into snort.

Regards

Ian
--



On Fri, Dec 12, 2014 at 10:53 AM, Sec_Aficionado
<secaficionado at ...11827...<mailto:secaficionado at ...11827...>> wrote:
Hello there,

I was looking through Barnyard2's barnyard2.conf file and noticed the section under
# alert fw_sam: allow blocking of IP's through remote services

However, I can't find a Snortsam version for snort later than 2.9.5.3

Does anyone here know if the project changed name or moved somewhere else for newer snort versions?

As usual, thanks in advance!

Sent from my mobile
Any weird stuff in the message above is autocorrect's fault
------------------------------------------------------------------------------


------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net<mailto:Snort-users at lists.sourceforge.net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20141215/7d15f109/attachment.html>


More information about the Snort-users mailing list