Snort mailing list archives

OpSyslog_Alert(): is currently unable to handle Event Type [72]


From: Robert Millott <robm () millottandassociates com>
Date: Wed, 23 Jul 2014 16:06:13 -0400

All
  I finally got snort and barnyard talking together nicely. Now my syslog
is filling up with the above alerts.  I googled it, and found event type
104 & 105 related to vlan_event_types and mpls_event_types, but I can't
find what event type 72 is.  Anyone know what it is?  And more importantly,
how do I filter it and stop it from filling my syslog?

Details:
OS: Gentoo 3.14.4
Snort: 2.9.6.0
Barnyard: 2.1.13 (build 327)
snort.conf output line: output unified2: filename snort.u2, limit 128
snort startup: /usr/bin/snort -c /etc/snort/snort.conf -G 0x11 --pid-path
/etc/snort/pid --daq pcap --daq-dir /usr/lib64/daq --daq-mode passive -i
eth0 -F /etc/snort/bpf.filter -D

Barnyard input line: Input unified2
   output log_syslog_full: sensor xxxxxxx,local, log_priority log_alert,
operation_mode default

Barnyard startup: /usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d
/var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo --pid-path
/var/snort/pid

All above commands are manually typed in, so ignore typos; the commands do
work.

Thanx
-- 
Robert Millott
President, Millott and Associates
(443) 255-3588
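
One way to see which unified2 record types a spool file such as snort.u2 actually contains, as an added example that is not part of the original post or of Snort/Barnyard2. It assumes the unified2 framing of an 8-byte record header (32-bit type, 32-bit payload length, network byte order) and takes the type names from Snort 2.9's Unified2_common.h; the sample stream and the helper names are constructed for illustration.

```python
import io
import struct
from collections import Counter

# Record type codes and names as defined in Snort 2.9's Unified2_common.h.
U2_TYPES = {
    2: "UNIFIED2_PACKET",
    7: "UNIFIED2_IDS_EVENT",
    72: "UNIFIED2_IDS_EVENT_IPV6",
    104: "UNIFIED2_IDS_EVENT_VLAN",
    105: "UNIFIED2_IDS_EVENT_IPV6_VLAN",
    110: "UNIFIED2_EXTRA_DATA",
}

HEADER = struct.Struct(">II")  # record type, payload length


def count_record_types(stream):
    """Walk a unified2 stream; return (Counter of type codes, truncated flag).

    A spool file that Snort is still writing can end in a partial record,
    so a short read is reported through the flag instead of raising.
    """
    counts = Counter()
    while True:
        hdr = stream.read(HEADER.size)
        if not hdr:
            return counts, False          # clean end of file
        if len(hdr) < HEADER.size:
            return counts, True           # partial header at the tail
        rtype, length = HEADER.unpack(hdr)
        if len(stream.read(length)) < length:
            return counts, True           # partial payload at the tail
        counts[rtype] += 1


def describe(counts):
    """Render one line per record type, lowest code first."""
    return [f"{t:>4} {U2_TYPES.get(t, 'unknown')} x{n}"
            for t, n in sorted(counts.items())]


def sample_stream():
    # Constructed sample: headers are real framing, payloads are zero-filled
    # placeholders of arbitrary length, not real event structures.
    recs = [(7, 52), (2, 80), (72, 76), (2, 120), (72, 76)]
    return io.BytesIO(b"".join(HEADER.pack(t, n) + bytes(n) for t, n in recs))


if __name__ == "__main__":
    counts, truncated = count_record_types(sample_stream())
    print("\n".join(describe(counts)), "(truncated tail)" if truncated else "")
```

To run it against a real spool file, pass `open(path, "rb")` to `count_record_types` instead of the constructed stream.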