Re: Warning - corrupted waldo file

[AllowOverride <allowoverride () gmail com>]

let's say I was, then what happens?

ps. im not.. why even ask that,, are you community or not!

pss. what kinda question is that? what's that have to do with anything I
am asking here?

psss. are you f...ing with me? or are you serious, and why would you
care?
they don't teach snort in college. cheesy questions = cheesy
responses...

psssst. Im a snort user from 1.0, and im trying to configure and get my
stuff to work...

does that help? ;)

> --- Begin Message ---
>
>
> From: JJC <cummingsj () gmail com>
>
> Date: Mon, 8 Oct 2012 07:21:54 -0600
>
> Are you a student?
>
>
>
> On Sun, Oct 7, 2012 at 4:38 PM, AllowOverride <allowoverride () gmail com>wrote:
>
> > **
> > is this ok in snort.conf?
> >
> > # site specific rules
> > include $RULE_PATH/local.rules
> > include $RULE_PATH/snort.rules
> >
> > the rest are #
> >
> > #include $RULE_PATH/attack-responses.rules
> > #include $RULE_PATH/backdoor.rules
> > #include $RULE_PATH/bad-traffic.rules
> > #include $RULE_PATH/blacklist.rules
> > #include $RULE_PATH/botnet-cnc.rules
> > ........
> >
> >
> > ur thoughts?
> >
> >
> > ---------- Forwarded message ----------
> > From: Peter Bates <peter.bates () ucl ac uk>
> > To:
> > Cc: <snort-users () lists sourceforge net>
> > Date: Sun, 7 Oct 2012 22:59:01 +0100
> > Subject: Re: [Snort-users] Warning - corrupted waldo file
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> >
> > Hello all
> >
> > On 07/10/2012 22:17, AllowOverride wrote:
> > > 1. so best to remove older snort.logs when i restart snort or
> > > pulledpork.pl is run?
> >
> > When all is running okay, you shouldn't have to remove the older logs.
> >
> > I have a morning cronjob to run PP that also then does
> >
> > service snort restart
> > service barnyard2 restart
> >
> > - - but PP can do this by itself if you give it the right PID information.
> >
> > You need to restart barnyard2 after a rule update as sid-msg.map is
> > updated which is essentially the file that maps the SIDs to names for
> > barnyard to log the correct information to MySQL - otherwise you start
> > logging a generic 'Snort Alert xxx'.
> >
> > > 2. does waldo need to be there right now? i dont think there is
> > > enough traffic to warrent it...
> >
> > While you are still testing, each time I would (personally)
> >
> > stop snort
> > stop barnyard2
> > delete (or move out of the way) snort.log/alert/waldo
> > start snort (a new snort.log should be created)
> > start barnyard2 (a new waldo file will be made and snort.log
> > should be processed).
> >
> > - --
> > Peter Bates
> > Senior Computer Security Officer    Phone: +44(0)2076792049
> > Information Services Division       Internal Ext: 32049
> > University College London
> > London WC1E 6BT
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.11 (Darwin)
> > Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
> >
> > iQEcBAEBAgAGBQJQcfslAAoJELhVoVpEMS6RVqYIAJXnYw3HhRGpY6a6YqRvHmtl
> > mbdVEQIlV32E9ptUKT7YUBgWP9nzdxocFur0vt2DxQdrqQgDopb+gHVwwNqbw/dD
> > 7/RfmE7DgAHH7S04smOWRPSWgkhJP2hFHGs76TkggFiKwhRMR9wo/YGwJ7OdXN8M
> > qpfLgaV0TXvn8d/i9lqKGK+3BWl7xSaKrguEXpJfFGsZO2nDnS5zVKvuMzk6UEht
> > 8VOfrI7/lmR88ydkgCyFw1Ffx2i9p3EwNAFMcyWaX/ooT6mpT/MGIyEB0kzRI72u
> > KXvC6VnnRFx/JGxUJg8RPZ6vXkuIKXOALdVJdAw5hbMRyX2oFDEHmJcI/F5SCgQ=
> > =/szU
> > -----END PGP SIGNATURE-----
> >
> >
> >
> > ------------------------------------------------------------------------------
> > Don't let slow site performance ruin your business. Deploy New Relic APM
> > Deploy New Relic app performance management and know exactly
> > what is happening inside your Ruby, Python, PHP, Java, and .NET app
> > Try New Relic at no cost today and get our sweet Data Nerd shirt too!
> > http://p.sf.net/sfu/newrelic-dev2dev
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest
> > Snort news!
> >
> >
> > ------------------------------------------------------------------------------
> > Don't let slow site performance ruin your business. Deploy New Relic APM
> > Deploy New Relic app performance management and know exactly
> > what is happening inside your Ruby, Python, PHP, Java, and .NET app
> > Try New Relic at no cost today and get our sweet Data Nerd shirt too!
> > http://p.sf.net/sfu/newrelic-dev2dev
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest
> > Snort news!
>
> --- End Message ---
------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!