This repository has been archived by the owner on Jan 18, 2024. It is now read-only.

Usage of alert_fwsam module in barnyard.config #142

Open
alligatorwine opened this issue Mar 18, 2015 · 1 comment

Comments

@alligatorwine

Hi everyone,
I am running Snort in passive mode and I would like it to communicate with my Cisco ASA 5510. I know that Snortsam should do the job, but it looks like Snortsam code is now directly integrated in Barnyard (alert_fwsam module in barnyard.config).
Does anyone know how to configure it?
Thanks in advance.

Antonella

@binf
Collaborator

binf commented Mar 19, 2015

Greetings,

The basic documentation can be found here
https://github.com/firnsy/barnyard2/blob/master/doc/README.snortsam

The sid-block.map or sid-fwsam.map file needs to be in the config directory
specified on the command line for the configuration file.

So in a way you need to have snortsam set up somewhere that would interact
with your fw,
and by2 would communicate with snortsam, the latter of which would act on the fw
devices.

For the record, the good documentation about the snortsam "agent" itself
can be found here.

http://doc.emergingthreats.net/bin/view/Main/SnortSamDocumentation
Referred from : http://www.snortsam.net/docs.html

Hope this helps.
(by2 only provides the alerting bridge from unified2 processing)

-elz

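To make the three pieces binf describes concrete (barnyard2's alert_fwsam output, the sid-fwsam.map beside barnyard2.conf, and a SnortSam agent that talks to the ASA), here is an added configuration example. It is not from the issue, from barnyard2 or from SnortSam; the hosts, key, passwords and SIDs are placeholders, the alert_fwsam and map syntax follows the README.snortsam linked above, and the snortsam.conf directives are recalled from the SnortSam documentation and should be checked against it for your version.

```conf
# --- barnyard2.conf (on the Snort sensor) ---
# Syntax from README.snortsam:  output alert_fwsam: <SnortSam station>:<port>/<key>
# 898 is SnortSam's default listening port. The key is a shared secret and must
# match the 'accept' line on the SnortSam agent; 10.0.0.20 and s3cr3tkey are
# placeholders for this example.
output alert_fwsam: 10.0.0.20:898/s3cr3tkey

# --- sid-fwsam.map (same directory as barnyard2.conf, i.e. the one given with -c) ---
# One line per rule that should trigger a block:  <sid>: <who>[how], <duration>
#   who      = src | dst      (which address from the alert gets blocked)
#   how      = in | out | either   (direction of traffic to block)
#   duration = e.g. 30sec, 5min, 1hour; 0 means permanent
# SIDs 1000001/1000002 are placeholders for local rules.
1000001: src[either], 30min
1000002: src[in], 1hour

# --- snortsam.conf (on the SnortSam agent host, 10.0.0.20) ---
# Only accept block requests from the barnyard2 host, with the same key.
accept 10.0.0.10, s3cr3tkey
# Never block your own management network or DNS; an attacker who can spoof
# source addresses in traffic the sensor sees can otherwise make you shun
# yourself. Adjust the ranges to your environment.
dontblock 10.0.0.0/24
dontblock 8.8.8.8
# ASA/PIX plugin: SnortSam logs in to the firewall and issues 'shun' for the
# offending address. 10.0.0.1 and both passwords are placeholders; the exact
# argument form for the pix plugin is documented in the SnortSam docs linked above.
pix 10.0.0.1 telnetpassword enablepassword
```

Usage note: start the SnortSam agent first, then barnyard2 with `-c` pointing at the directory holding both barnyard2.conf and sid-fwsam.map; a rule whose SID is not in the map still alerts but never produces a block, and a key mismatch shows up as SnortSam rejecting the sensor's connection rather than as a barnyard2 error.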
