Snort mailing list archives

DOS in Snort?


From: "Counselman, Chris Contractor/Sverdrup" <chris.counselman () us army mil>
Date: Wed, 19 Feb 2003 14:06:22 -0600

Snort 1.9, RedHat 8.0, SnortSnarf
 
On one of my sensors I have snort logging locally for SnortSnarf. One IP scanned
a class B network I monitor and a snort rule alerted on every IP. This filled
the log directory with thousands of entries that eventually reached the maximum
allowed limit which broke snort. I could not delete all of the directories with
one command because there were so many so I had to delete them in small chunks.
Overall it took about 30 minutes to clear up everything. This is an OS issue and
not a snort issue right? Is there a way to limit the number of alerts? Couldn't
any snort box not logging to a database be susceptible to a DOS in this manner?
 
Chris
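Added example, not part of the original post and not Snort project code. It reproduces the clean-up half of the problem above in a throwaway directory: a Snort -l log tree that has grown one subdirectory per scanning source address, and a way to clear it (or trim it while keeping the newest entries for SnortSnarf) that hands paths to rm in batches via find, so it does not depend on the shell expanding a glob over thousands of names. The 10.0.x.y directory names, the alert.ids placeholder files and the counts are constructed for the demo. One ceiling worth knowing about when sizing this: an ext2/ext3 directory cannot hold more than roughly 32,000 subdirectories, and a class B has more addresses than that; the post does not say which limit was actually hit, so treat that as an assumption.

```shell
#!/bin/sh
# Added example (not from the original post or the Snort project).
# Simulates a per-source-IP log tree and clears it without a single huge
# argument list. Names, file contents and counts are constructed for the demo.
set -eu

# Build N per-IP directories under $1, each holding one placeholder alert
# file, mimicking the one-directory-per-source layout Snort's -l logging uses.
make_fake_log_dir() {
    dir=$1
    n=$2
    mkdir -p "$dir"
    i=0
    while [ "$i" -lt "$n" ]; do
        d="$dir/10.0.$((i / 256)).$((i % 256))"   # constructed 10.0.x.y names
        mkdir -p "$d"
        : > "$d/alert.ids"                         # empty placeholder alert file
        i=$((i + 1))
    done
}

# Number of per-IP directories directly under $1 (one level deep only).
count_ip_dirs() {
    find "$1" -mindepth 1 -maxdepth 1 -type d | wc -l | tr -d ' '
}

# Remove every entry directly under $1. find passes rm as many paths as fit
# on one command line and repeats until done, so this works for any number
# of entries, unlike 'rm -rf "$1"/*', which fails with "Argument list too
# long" once the expanded glob exceeds the kernel's argument-size limit.
purge_log_dir() {
    find "$1" -mindepth 1 -maxdepth 1 -exec rm -rf {} +
}

# Trim instead of purge: keep the newest $2 entries under $1 (by mtime) so the
# most recent alerts stay available to SnortSnarf, and delete the rest.
# ls reads the directory itself, so no glob expansion is involved here either.
purge_log_dir_keep_newest() {
    dir=$1
    keep=$2
    ls -1t "$dir" | tail -n +"$((keep + 1))" | while IFS= read -r name; do
        rm -rf "$dir/$name"
    done
}

# Stand-alone demo in a temporary directory.
demo_dir=$(mktemp -d)
make_fake_log_dir "$demo_dir" 500
echo "before: $(count_ip_dirs "$demo_dir") per-IP directories"
purge_log_dir_keep_newest "$demo_dir" 100
echo "after keeping newest 100: $(count_ip_dirs "$demo_dir")"
purge_log_dir "$demo_dir"
echo "after purge: $(count_ip_dirs "$demo_dir")"
rmdir "$demo_dir"
```

The find-based purge is the part to reuse on a real sensor: point it at the Snort log directory (with Snort stopped, or with the directory rotated out first) and it will finish in one invocation regardless of how many source directories a scan created. The keep-newest variant is a stopgap, not a fix; the question of capping how many alerts a single scanning source can generate is a Snort configuration matter that this example does not address.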
