[Snort-users] Barnyard2 error

Michael Steele michaels at ...9077...
Wed Jul 24 17:25:17 EDT 2013


I also get those questions, and I always give the same response.

If the 'WARNINGS:' messages are boiler plate for a particular set of event/s
within Barnyard2, maybe expanding in the 'WARNING:' to include a reasonable
explanation of why the 'WARNING:' occurred.

WARNING: Ignoring corrupt/truncated waldofile
'/var/log/snort/barnyard2.waldo'
INFO: Creating a new Waldo file. It appears there is no waldo file, or it
possibly has been truncated zero bytes..

Best regards,
Michael...

-----Original Message-----
From: waldo kitty [mailto:wkitty42 at ...14940...] 
Sent: Wednesday, July 24, 2013 3:06 PM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Barnyard2 error

On 7/24/2013 10:15, Abid Ayoub wrote:
> Hello,
> when i run the "barnyard2" with the next command:
> /usr/local/bin/barnyard2 -c /usr/local/snort/etc/barnyard2.conf -d 
> /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo I got:
[trim]
> WARNING: Ignoring corrupt/truncated waldofile
'/var/log/snort/barnyard2.waldo'
> Waiting for new spool file
> So, how can i solve this problem ? any idea ?

that's not an error... that is a warning... there is a difference ;)

it is simply telling you that there is no waldo file or that it is truncated
(possibly to zero bytes)... when the alerts start appearing in your snort.u2
file(s), the waldo file will be created and maintained...

--
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

----------------------------------------------------------------------------
--
See everything from the browser to the database with AppDynamics Get
end-to-end visibility with application monitoring from AppDynamics Isolate
bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort
news!






More information about the Snort-users mailing list