Snort mailing list archives
Re: Warning - corrupted waldo file
From: AllowOverride <allowoverride () gmail com>
Date: Mon, 08 Oct 2012 15:31:48 -0700
let's say I was, then what happens?

ps. I'm not.. why even ask that, are you community or not!
pss. what kinda question is that? what's that have to do with anything I am asking here?
psss. are you f...ing with me? or are you serious, and why would you care? they don't teach snort in college. cheesy questions = cheesy responses...
psssst. I'm a snort user from 1.0, and I'm trying to configure and get my stuff to work... does that help? ;)
--- Begin Message ---
From: JJC <cummingsj () gmail com>
Date: Mon, 8 Oct 2012 07:21:54 -0600
Are you a student?

On Sun, Oct 7, 2012 at 4:38 PM, AllowOverride <allowoverride () gmail com> wrote:

is this ok in snort.conf?

# site specific rules
include $RULE_PATH/local.rules
include $RULE_PATH/snort.rules

the rest are #

#include $RULE_PATH/attack-responses.rules
#include $RULE_PATH/backdoor.rules
#include $RULE_PATH/bad-traffic.rules
#include $RULE_PATH/blacklist.rules
#include $RULE_PATH/botnet-cnc.rules
........

your thoughts?

---------- Forwarded message ----------
From: Peter Bates <peter.bates () ucl ac uk>
To:
Cc: <snort-users () lists sourceforge net>
Date: Sun, 7 Oct 2012 22:59:01 +0100
Subject: Re: [Snort-users] Warning - corrupted waldo file

Hello all

On 07/10/2012 22:17, AllowOverride wrote:

1. so best to remove older snort.logs when I restart snort or pulledpork.pl is run?

When all is running okay, you shouldn't have to remove the older logs.

I have a morning cronjob to run PP that also then does

service snort restart
service barnyard2 restart

- but PP can do this by itself if you give it the right PID information.

You need to restart barnyard2 after a rule update as sid-msg.map is updated which is essentially the file that maps the SIDs to names for barnyard to log the correct information to MySQL - otherwise you start logging a generic 'Snort Alert xxx'.

2. does waldo need to be there right now? I don't think there is enough traffic to warrant it...

While you are still testing, each time I would (personally)

stop snort
stop barnyard2
delete (or move out of the way) snort.log/alert/waldo
start snort (a new snort.log should be created)
start barnyard2 (a new waldo file will be made and snort.log should be processed).
--
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division       Internal Ext: 32049
University College London
London WC1E 6BT

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
--- End Message ---
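The test-phase reset Peter Bates describes in the forwarded message (stop both services, move snort.log/alert/waldo out of the way, start snort, then barnyard2) can be scripted as below. This is an added example, not code from the thread: the service names come from the message, while the log directory, the waldo file name and the archive directory layout are assumptions to adjust for the local install.

```shell
#!/bin/sh
# Added example: reset the Snort -> barnyard2 pipeline while still testing.
# Assumed, not from the thread: LOG_DIR, WALDO_NAME, archive directory naming.
LOG_DIR="${LOG_DIR:-/var/log/snort}"
WALDO_NAME="${WALDO_NAME:-barnyard2.waldo}"

# Move snort.log*, alert and the waldo file into a timestamped subdirectory
# rather than deleting them, so the old output stays available for review.
# Prints the archive directory, or nothing when there was nothing to move.
archive_snort_state() {
    dir="$1"
    dest="$dir/archive-$(date +%Y%m%d-%H%M%S)"
    moved=0
    for f in "$dir"/snort.log* "$dir/alert" "$dir/$WALDO_NAME"; do
        [ -f "$f" ] || continue          # unmatched glob or file not present
        mkdir -p "$dest" || return 1
        mv -- "$f" "$dest/" || return 1
        moved=$((moved + 1))
    done
    if [ "$moved" -gt 0 ]; then
        echo "$dest"
    fi
    return 0
}

# Order matters: barnyard2 must not be reading while its inputs are moved,
# and snort is started first so a new snort.log exists for barnyard2.
reset_pipeline() {
    service snort stop || return 1
    service barnyard2 stop || return 1
    archive_snort_state "$LOG_DIR" || return 1
    service snort start || return 1      # a new snort.log should be created
    service barnyard2 start              # a new waldo file will be made
}

# Only touch the services when explicitly asked: ./reset.sh run
if [ "${1:-}" = "run" ]; then
    reset_pipeline
fi
```

Moving the files instead of deleting them keeps the previous unified output and waldo bookmark available if the corruption warning needs to be investigated later.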
Current thread:
- Warning - corrupted waldo file AllowOverride (Oct 06)
- Re: Warning - corrupted waldo file Peter Bates (Oct 07)
- Re: Warning - corrupted waldo file Jack (Oct 07)
- Re: Warning - corrupted waldo file AllowOverride (Oct 07)
- Re: Warning - corrupted waldo file Peter Bates (Oct 07)
- Re: Warning - corrupted waldo file AllowOverride (Oct 07)
- Re: Warning - corrupted waldo file Jeremy Hoel (Oct 07)
- Re: Warning - corrupted waldo file JJC (Oct 08)
- Re: Warning - corrupted waldo file AllowOverride (Oct 08)
- Re: Warning - corrupted waldo file Jack (Oct 07)
- Re: Warning - corrupted waldo file Peter Bates (Oct 07)