Snort mailing list archives

Re: Barnyard2 error

From: "Michael Steele" <michaels () winsnort com>
Date: Wed, 24 Jul 2013 17:25:17 -0400

I also get those questions, and I always give the same response.

If the 'WARNINGS:' messages are boiler plate for a particular set of event/s
within Barnyard2, maybe expanding in the 'WARNING:' to include a reasonable
explanation of why the 'WARNING:' occurred.

WARNING: Ignoring corrupt/truncated waldofile
'/var/log/snort/barnyard2.waldo'
INFO: Creating a new Waldo file. It appears there is no waldo file, or it
possibly has been truncated zero bytes..

Best regards,
Michael...

-----Original Message-----
From: waldo kitty [mailto:wkitty42 () windstream net] 
Sent: Wednesday, July 24, 2013 3:06 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Barnyard2 error

On 7/24/2013 10:15, Abid Ayoub wrote:

Hello,
when i run the "barnyard2" with the next command:
/usr/local/bin/barnyard2 -c /usr/local/snort/etc/barnyard2.conf -d 
/var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo I got:

[trim]

WARNING: Ignoring corrupt/truncated waldofile

'/var/log/snort/barnyard2.waldo'

Waiting for new spool file
So, how can i solve this problem ? any idea ?


that's not an error... that is a warning... there is a difference ;)

it is simply telling you that there is no waldo file or that it is truncated
(possibly to zero bytes)... when the alerts start appearing in your snort.u2
file(s), the waldo file will be created and maintained...

--
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

----------------------------------------------------------------------------
--
See everything from the browser to the database with AppDynamics Get
end-to-end visibility with application monitoring from AppDynamics Isolate
bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort
news!



------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Barnyard2 error Abid Ayoub (Jul 24)
- Re: Barnyard2 error beenph (Jul 24)
  - Re: Barnyard2 error Abid Ayoub (Jul 24)
    - Re: Barnyard2 error Abid Ayoub (Jul 24)
    - Re: Barnyard2 error beenph (Jul 24)
    - Re: Barnyard2 error Abid Ayoub (Jul 24)
    - Re: Barnyard2 error beenph (Jul 24)
- Re: Barnyard2 error waldo kitty (Jul 24)
  - Re: Barnyard2 error Michael Steele (Jul 24)