[Snort-users] Barnyard2 error
wkitty42 at ...14940...
Wed Jul 24 15:06:25 EDT 2013
On 7/24/2013 10:15, Abid Ayoub wrote:
> when i run the "barnyard2" with the next command:
> /usr/local/bin/barnyard2 -c /usr/local/snort/etc/barnyard2.conf -d
> /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo
> I got:
> WARNING: Ignoring corrupt/truncated waldofile '/var/log/snort/barnyard2.waldo'
> Waiting for new spool file
> So, how can i solve this problem ? any idea ?
that's not an error... that is a warning... there is a difference ;)
it is simply telling you that there is no waldo file or that it is truncated
(possibly to zero bytes)... when the alerts start appearing in your snort.u2
file(s), the waldo file will be created and maintained...
NOTE: No off-list assistance is given without prior approval.
Please keep mailing list traffic on the list unless
private contact is specifically requested and granted.
More information about the Snort-users