[Snort-users] Warning - corrupted waldo file

Peter Bates peter.bates at ...15381...
Sun Oct 7 05:03:57 EDT 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hello all

On 07/10/2012 03:07, AllowOverride wrote:
> WARNING: Ignoring corrupt/truncated waldofile 
> '/var/log/snort/barnyard2.waldo'
> 
> what does this mean,,, besides it being a WARNING....
> 
> # ls -al /var/log/snort/barnyard2.waldo -rw-r--r-- 1 snort snort 0
> Oct  4 10:26 /var/log/snort/barnyard2.waldo

During your test if your waldo file is non-zero then I'd delete it
before running barnyard2.

The warning should be just a warning.

I have personally though seen barnyard not update events because the
waldo file already exists and contains data about old log files.

- -- 
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division	    Internal Ext: 32049
University College London
London WC1E 6BT
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (Darwin)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQEcBAEBAgAGBQJQcUV9AAoJELhVoVpEMS6RW9YH/0KsF8J+5rwllThiRR+IbiO1
Nf5FzMnmtwnB3XClvVtm9jlMzRxYJIMRKyowkRnzOW2pCVuY2OBfQf3SAJXEXqqD
0Luw/oDEJUMQJPdji9mT88q7/vSDsQ59pehHNbB3KlR2zViwZ/Gc0rBqiNSZiPH9
RE1KeL2hqPf01yaiaWSm/w1fDPB/gYGzRoKypwiFRuE353N+x4zYwKZrYOyhfAPG
0YaXzia/1XBEVUcvuROcKcFOa8awqktXXNh7IyPOLOotuoe02shksWzNUM0SbTVZ
tgd3Ie9/f9OCIznYOPHBR0U2segfm6hKegi1rIIozrkA9KHdGuzt3fMLn8eopu8=
=ivlk
-----END PGP SIGNATURE-----





More information about the Snort-users mailing list