[Snort-users] Where's Waldo?
beenph at ...11827...
Tue Oct 9 02:39:41 EDT 2012
That person was probably right.
In continual mode, barnyard2 will start with a location to look and a specified
file pattern and continue to process new data (and new spool files) as they
Continual mode w/ bookmarking will also use a checkpoint file (or waldo file in
the snort world) to track where it is. In the event the barnyard2 process ends
while a waldo file is in use, barnyard2 will resume processing at the last
entry as listed in the waldo file.
The "-f", "-w", and "-o" options are used to determine which mode barnyard2
will run in. It is legal for both the "-f" and "-w" options to be used on the
command line at the same time, however any data that exists in the waldo file
will override the command line data from the "-f" and "-d" options. See the
command directives section below for more detail.
Barnyard2 processing is controlled by two main types of directives: input
processors and output plugins. The input processors read information in from a
specific format ( currently the spo_unified2 output module of Snort ) and
output them in one of several ways.
On Tue, Oct 9, 2012 at 1:54 AM, AllowOverride <allowoverride at ...11827...> wrote:
> WARNING: Ignoring corrupt/truncated waldofile '/tmp/waldo'
> i updated my barnyard2.conf, and im still getting this message.
> why is it corrupt?
> -rw-r--r-- 1 root root 0 Oct 8 17:42 waldo
> i still think barnyard2.conf is not working right.
> someone said im not doing the research
> i followed the official howtos. go figure...
> suggestions now? thanks
> Don't let slow site performance ruin your business. Deploy New Relic APM
> Deploy New Relic app performance management and know exactly
> what is happening inside your Ruby, Python, PHP, Java, and .NET app
> Try New Relic at no cost today and get our sweet Data Nerd shirt too!
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
> Please visit http://blog.snort.org to stay current on all the latest Snort
More information about the Snort-users