Snort mailing list archives

Re: Don't create directories on special events ?

From: Martin Roesch <roesch () sourcefire com>
Date: Wed, 08 Aug 2001 13:38:55 -0400

Use some other logging method than the default for production IDS
applications, you're in danger of DoS'ing your file system if you use
the default.  I'd recommend using the binary logging option (-b) or the
database at this time.

     -Marty

ks () schuricht de wrote:


Hi,

is it possible to create rules that don't create directories for each
host that send packets for the selected rule ?

Why i ask ?

We have very much 'CodeRed' Attacks in our Logfiles. It's not a problem but
every day i have to delete about 400 directories created by the 'catch
codered
rules'.

Thanks!

Best regards,
  Kai.

--
Abt. eBusiness / Entwicklung
D. Schuricht GmbH & Co. KG
http://www.schuricht.de

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


--
Martin Roesch
roesch () sourcefire com
http://www.sourcefire.com - http://www.snort.org

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Don't create directories on special events ? ks (Aug 08)
- Re: Don't create directories on special events ? Martin Roesch (Aug 08)