[Snort-sigs] typical errors when trying pulledpork

PR oly562 at ...2420...
Sun Sep 9 03:15:28 EDT 2012


yep warnings aka errors to me too...

welp here is the barnyard2 2.1.9 output... i just fired up... this
concerns me: at the end of it states:

WARNING: Ignoring corrupt/truncated waldofile
'/var/log/snort/barnyard2.waldo'
Opened spool file '/var/log/snort/snort.u2.1347091655'
Closing spool file '/var/log/snort/snort.u2.1347091655'. Read 0 records
Opened spool file '/var/log/snort/snort.u2.1347173583'
Waiting for new data
Closing spool file '/var/log/snort/snort.u2.1347173583'. Read 0 records
Opened spool file '/var/log/snort/snort.u2.1347174758'
Waiting for new data


suggestions? 
thanks. pete

ps, i loaded the rules that match 2.9.3.1. i did everything from scratch
following this manual enclosed:


On Sat, 2012-09-08 at 20:26 -0400, waldo kitty wrote:
> On 9/7/2012 22:25, Joel Esler wrote:
> > I don't see any errors. Looks like pulledpork worked correctly.
> 
> no errors?
> 
> > On Sep 7, 2012, at 9:29 PM, PR<oly562 at ...2420...>  wrote:
> [chomp]
> >> Reading rules...
> >> Generating Stub Rules....
> >>     An error occurred: !! WARNING: The database output plugins are
> >> considered deprecated as
> >>
> >>     An error occurred: WARNING: ip4 normalizations disabled because not
> >> inline.
> >>
> >>     An error occurred: WARNING: tcp normalizations disabled because not
> >> inline.
> >>
> >>     An error occurred: WARNING: icmp4 normalizations disabled because not
> >> inline.
> >>
> >>     An error occurred: WARNING: ip6 normalizations disabled because not
> >> inline.
> >>
> >>     An error occurred: WARNING: icmp6 normalizations disabled because not
> >> inline.
> >>
> >>     Done
> 
> they say they are errors ;)
> 
> but i agree that pulledpork did complete and has whatever rules it pulled in 
> place :)
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: snortinstallguide293.pdf
Type: application/pdf
Size: 119771 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20120909/47e3bd93/attachment.pdf>


More information about the Snort-sigs mailing list