Snort mailing list archives

Re: Warning - corrupted waldo file


From: Peter Bates <peter.bates () ucl ac uk>
Date: Sun, 7 Oct 2012 10:03:57 +0100

Hello all

On 07/10/2012 03:07, AllowOverride wrote:
> WARNING: Ignoring corrupt/truncated waldofile '/var/log/snort/barnyard2.waldo'
>
> what does this mean,,, besides it being a WARNING....
>
> # ls -al /var/log/snort/barnyard2.waldo
> -rw-r--r-- 1 snort snort 0 Oct  4 10:26 /var/log/snort/barnyard2.waldo

During your test if your waldo file is non-zero then I'd delete it
before running barnyard2.

The warning should be just a warning.

I have personally, though, seen barnyard not update events because the
waldo file already exists and contains data about old log files.

-- 
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division       Internal Ext: 32049
University College London
London WC1E 6BT

