Snort mailing list archives
Re: Where's Waldo?
From: AllowOverride <allowoverride () gmail com>
Date: Tue, 09 Oct 2012 08:29:15 -0700
I was doing some research, like I usually do, and I found this option, but there is not much said about it in the READMEs enclosed with the Barnyard2 tar.

-f <base> Use <base> as the base filename pattern

What do they mean by base filename pattern?

Thanks
--- Begin Message ---
From: beenph <beenph () gmail com>
Date: Tue, 9 Oct 2012 02:39:41 -0400
That person was probably right.

https://github.com/firnsy/barnyard2/blob/master/README

<SNIP>

In continual mode, barnyard2 will start with a location to look and a specified file pattern and continue to process new data (and new spool files) as they appear. Continual mode w/ bookmarking will also use a checkpoint file (or waldo file in the snort world) to track where it is. In the event the barnyard2 process ends while a waldo file is in use, barnyard2 will resume processing at the last entry as listed in the waldo file.

The "-f", "-w", and "-o" options are used to determine which mode barnyard2 will run in. It is legal for both the "-f" and "-w" options to be used on the command line at the same time, however any data that exists in the waldo file will override the command line data from the "-f" and "-d" options. See the command directives section below for more detail.

Barnyard2 processing is controlled by two main types of directives: input processors and output plugins. The input processors read information in from a specific format ( currently the spo_unified2 output module of Snort ) and output them in one of several ways.

</SNIP>

On Tue, Oct 9, 2012 at 1:54 AM, AllowOverride <allowoverride () gmail com> wrote:

> WARNING: Ignoring corrupt/truncated waldofile '/tmp/waldo'
>
> I updated my barnyard2.conf, and I'm still getting this message. Why is it corrupt?
>
> -rw-r--r-- 1 root root 0 Oct 8 17:42 waldo
>
> I still think barnyard2.conf is not working right. Someone said I'm not doing the research. I followed the official howtos. Go figure...
>
> Suggestions now?
>
> Thanks

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
--- End Message ---
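For the `-f <base>` question and the zero-byte waldo file discussed in this thread, a small spool-directory check, added here as an example (it is not part of any list message and is not barnyard2 code). It assumes Snort's unified2 output names spool files `<base>.<unix timestamp>`; the function names and sample file names are constructed.

```shell
#!/bin/sh
# Added example. Assumption: unified2 spool files are named
# "<base>.<unix-timestamp>", so "-f merged.log" selects files such as
# merged.log.1349712345 inside the spool directory given with "-d".

# Print the spool files in DIR that match BASE, oldest timestamp first.
spool_candidates() (
    dir=$1 base=$2
    for f in "$dir"/"$base".*; do
        [ -f "$f" ] || continue          # unmatched glob or not a regular file
        suffix=${f##*.}
        case $suffix in
            ''|*[!0-9]*) continue ;;     # skip merged.log.bak and the like
        esac
        printf '%s %s\n' "$suffix" "${f##*/}"
    done | sort -n | cut -d' ' -f2-
)

# Classify a waldo (bookmark) file as missing, empty or present.
waldo_state() (
    waldo=$1
    if [ ! -e "$waldo" ]; then
        echo missing
    elif [ ! -s "$waldo" ]; then
        echo empty       # 0 bytes, like the ls output quoted in the thread
    else
        echo present     # barnyard2 has written a bookmark at least once
    fi
)

# Constructed demo data in a throwaway directory.
demo() (
    d=$(mktemp -d)
    touch "$d/merged.log.1349712345" "$d/merged.log.1349700000" \
          "$d/merged.log.bak" "$d/alert" "$d/waldo"
    echo "spool files for base 'merged.log':"
    spool_candidates "$d" merged.log
    echo "waldo: $(waldo_state "$d/waldo")"
    rm -rf "$d"
)

demo
```

An `empty` result next to an empty candidate list means barnyard2 has had nothing to bookmark yet, so the base name passed to `-f` should be compared with the `filename` set in Snort's unified2 output line.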
Current thread:
- Where's Waldo? AllowOverride (Oct 08)
- Re: Where's Waldo? beenph (Oct 08)
- Re: Where's Waldo? AllowOverride (Oct 09)
- Re: Where's Waldo? Peter Bates (Oct 09)
- Re: Where's Waldo? waldo kitty (Oct 10)
- Re: Where's Waldo? AllowOverride (Oct 10)
- Re: Where's Waldo? AllowOverride (Oct 10)
- Re: Where's Waldo? AllowOverride (Oct 09)
- Re: Where's Waldo? AllowOverride (Oct 09)
- Re: Where's Waldo? Paul Schmehl (Oct 09)
- Re: Where's Waldo? AllowOverride (Oct 09)
- Re: Where's Waldo? Paul Schmehl (Oct 09)
- Re: Where's Waldo? AllowOverride (Oct 09)
- Re: Where's Waldo? Paul Schmehl (Oct 09)
- Re: Where's Waldo? beenph (Oct 08)