Snort mailing list archives
Re: Warning - corrupted waldo file
From: Jeremy Hoel <jthoel () gmail com>
Date: Sun, 7 Oct 2012 23:12:17 +0000
That's fine.. that's how I do it.

On Oct 7, 2012 4:40 PM, "AllowOverride" <allowoverride () gmail com> wrote:

Is this ok in snort.conf?

# site specific rules
include $RULE_PATH/local.rules
include $RULE_PATH/snort.rules

the rest are #

#include $RULE_PATH/attack-responses.rules
#include $RULE_PATH/backdoor.rules
#include $RULE_PATH/bad-traffic.rules
#include $RULE_PATH/blacklist.rules
#include $RULE_PATH/botnet-cnc.rules
........

Your thoughts?

---------- Forwarded message ----------
From: Peter Bates <peter.bates () ucl ac uk>
To:
Cc: <snort-users () lists sourceforge net>
Date: Sun, 7 Oct 2012 22:59:01 +0100
Subject: Re: [Snort-users] Warning - corrupted waldo file

Hello all

On 07/10/2012 22:17, AllowOverride wrote:
> 1. so best to remove older snort.logs when I restart snort or pulledpork.pl is run?

When all is running okay, you shouldn't have to remove the older logs.

I have a morning cronjob to run PP that also then does

service snort restart
service barnyard2 restart

- but PP can do this by itself if you give it the right PID information.

You need to restart barnyard2 after a rule update as sid-msg.map is updated which is essentially the file that maps the SIDs to names for barnyard to log the correct information to MySQL - otherwise you start logging a generic 'Snort Alert xxx'.

> 2. does waldo need to be there right now? I don't think there is enough traffic to warrant it...

While you are still testing, each time I would (personally)

stop snort
stop barnyard2
delete (or move out of the way) snort.log/alert/waldo
start snort (a new snort.log should be created)
start barnyard2 (a new waldo file will be made and snort.log should be processed).
--
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division       Internal Ext: 32049
University College London
London WC1E 6BT

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
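
The test-time reset sequence described in the forwarded message, written out as a shell function. This is an added example, not part of the original thread or of the Snort or barnyard2 distributions. The file patterns (snort.log*, alert, *.waldo), the service names and the use of `service` are assumptions to adjust for your install.

```shell
#!/bin/sh
# Added example: reset Snort/barnyard2 spool state while testing.
# Assumed names (not from the thread): output files snort.log*, alert and
# *.waldo in one log directory; services "snort" and "barnyard2".

# Service-control command; override to dry-run, e.g. SVC=echo.
SVC="${SVC:-service}"

# reset_spool LOGDIR
# Stops both daemons, moves old output and the waldo bookmark into a
# timestamped subdirectory, then starts snort before barnyard2 so a fresh
# snort.log exists when barnyard2 writes its new waldo file.
# Prints the backup directory on stdout; returns non-zero on any failure.
reset_spool() {
    logdir="$1"
    [ -d "$logdir" ] || { echo "no such log dir: $logdir" >&2; return 1; }

    # Abort if a daemon cannot be stopped: moving the waldo file out from
    # under a running barnyard2 is how the bookmark gets out of step.
    $SVC snort stop >&2 || return 1
    $SVC barnyard2 stop >&2 || return 1

    backup="$logdir/old-$(date +%Y%m%d-%H%M%S)"
    mkdir -p "$backup" || return 1

    # Move rather than delete so earlier alerts stay available for review.
    for f in "$logdir"/snort.log* "$logdir"/alert "$logdir"/*.waldo; do
        if [ -f "$f" ]; then
            mv "$f" "$backup"/ || return 1
        fi
    done

    $SVC snort start >&2 || return 1
    $SVC barnyard2 start >&2 || return 1
    echo "$backup"
}

# Run directly as: sh reset_spool.sh /var/log/snort  (path is an example)
if [ "$#" -gt 0 ]; then
    reset_spool "$1"
fi
```
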
Current thread:
- Warning - corrupted waldo file AllowOverride (Oct 06)
- Re: Warning - corrupted waldo file Peter Bates (Oct 07)
- Re: Warning - corrupted waldo file Jack (Oct 07)
- Re: Warning - corrupted waldo file AllowOverride (Oct 07)
- Re: Warning - corrupted waldo file Peter Bates (Oct 07)
- Re: Warning - corrupted waldo file AllowOverride (Oct 07)
- Re: Warning - corrupted waldo file Jeremy Hoel (Oct 07)
- Re: Warning - corrupted waldo file JJC (Oct 08)
- Re: Warning - corrupted waldo file AllowOverride (Oct 08)
- Re: Warning - corrupted waldo file Jack (Oct 07)
- Re: Warning - corrupted waldo file Peter Bates (Oct 07)