Snort mailing list archives
RE: Question about snortsnarf
From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Wed, 12 Feb 2003 23:36:07 -0600
The log files are rotated daily. But I'm running snortsnarf against the mysql database. What I don't understand is the program has run for hours and never written a single file to the hard drive. Does it actually try to put everything in memory before it writes anything out?

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member

-----Original Message-----
From: Eric Joe [mailto:sysop () tje1 com]
Sent: Wednesday, February 12, 2003 11:07 PM
To: Schmehl, Paul L
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Question about snortsnarf

How often are you parsing your log file? I have a Quad Xeon (p2-450) server /w 512 megs of ram and I have to "rotate" my snort log daily or the snortsnarf process becomes HUGE and hogs most of the system resources.

In all fairness, there is a ton of log entries and IMHO, most perl proggies are resource hogs.

Eric

Has anyone gotten this thing to work? I've run it several times, and I finally cancel it after it eats all the memory and still never writes anything to the hard drive. I'm using

/usr/local/bin/snortsnarf -d /usr/local/www/snortsnarf/ -homenet x.x.x.x/16 -maxtime=today snort:sn0rts@snort@localhost

and it's been running for over two hours! Right now it's up to 295MB of RAM and 57.67% of the processor. WTF???

And while we're at it, what does barnyard do?

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list

--
Eric Joe
Network Operations
Journey's End Internet/Computer Connection Inc