Snort mailing list archives
Re: >2Gb capture files
From: Kiira Triea <kiira-t () mail bsasinc org>
Date: Mon, 25 Jun 2001 07:31:53 -0400 (EDT)
We have a rather high-traffic site, and I just had an embarrassing experience - the snort machine runs RedHat 7.0, and I was running it under screen, so that if it dumped core, I'd see the error messages (It hasn't - nice and stable). However, once the log file reached 2Gb, snort (or glibc) stopped writing... Losing us 18 days of binary packet captures (doh!)

Anyway, I have two questions:

1) Does anyone have a good snort logrotate script?
Redhat should already have logrotate set up and the config files in /etc/logrotate.d. It is easy just to mod/cut-paste an entry for any new logs you need to manage.

Kiira
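
A logrotate stanza of the kind the reply describes, as an added example that is not part of the original post or of the Snort distribution. The log path, PID file location, size threshold and retention count are assumptions, as is the use of SIGHUP to make Snort reopen its output.

```conf
# /etc/logrotate.d/snort  (added example; every path here is an assumption)
/var/log/snort/snort.log {
    # Rotate well before the 2 GB point at which writes stopped.
    # The threshold is only checked when logrotate itself runs, so on a
    # high-traffic sensor schedule logrotate more often than once a day.
    size 1024M

    # Keep 30 old captures, then delete the oldest.
    rotate 30

    # Do not fail if the file is absent, and skip empty files.
    missingok
    notifempty

    # Compress old captures, but leave the newest rotated file alone:
    # the sensor may still hold it open until it has been signalled.
    compress
    delaycompress

    postrotate
        # Assumed PID file location. The sensor keeps its log open, so it
        # must be signalled (or restarted) to begin writing a fresh file.
        # SIGHUP is assumed to do that for the Snort build in use.
        if [ -f /var/run/snort.pid ]; then
            kill -HUP "$(cat /var/run/snort.pid)"
        fi
    endscript
}
```

Running `logrotate -d /etc/logrotate.d/snort` prints what would be rotated without touching any files, which is a quick way to check the stanza before relying on it.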
Current thread:
- >2Gb capture files Mayers, Philip J (Jun 25)
- Re: >2Gb capture files Kiira Triea (Jun 25)
- Re: >2Gb capture files Chris Green (Jun 25)
- <Possible follow-ups>
- Re: >2Gb capture files Matthew Collins (Jun 25)
- RE: >2Gb capture files Mayers, Philip J (Jun 26)
- Re: >2Gb capture files Ralf Hildebrandt (Jun 26)