Snort mailing list archives
Re: Don't create directories on special events ?
From: Martin Roesch <roesch () sourcefire com>
Date: Wed, 08 Aug 2001 13:38:55 -0400
Use some other logging method than the default for production IDS applications, you're in danger of DoS'ing your file system if you use the default. I'd recommend using the binary logging option (-b) or the database at this time. -Marty ks () schuricht de wrote:
Hi, is it possible to create rules that don't create directories for each host that send packets for the selected rule ? Why i ask ? We have very much 'CodeRed' Attacks in our Logfiles. It's not a problem but every day i have to delete about 400 directories created by the 'catch codered rules'. Thanks! Best regards, Kai. -- Abt. eBusiness / Entwicklung D. Schuricht GmbH & Co. KG http://www.schuricht.de _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Martin Roesch roesch () sourcefire com http://www.sourcefire.com - http://www.snort.org _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Don't create directories on special events ? ks (Aug 08)
- Re: Don't create directories on special events ? Martin Roesch (Aug 08)