Re: new user, great product, but ...

[Neil Dickey <neil () geol niu edu>]

"Allen, Garrett" <Garrett.Allen () ser com> wrote:

[ ... ]
> we were able to quickly detect where
> the problem originated from and shut the machine down.  but in the meantime
> snort generated enough log files to fill /var.  ouch.  any way to slow down
> the volume of log entries?  any other operational tips?

You could use a command-line option to put the log files somewhere
other than /var until you get mysql going.  Use a filesystem with
*lots* of space, and that won't cause the operating system to pitch
a fit if it should happen to get packed.

Something like ...

  snort < ... > -l $LOGPATH < ... >

... should do it.  The filesystem I'm currently using is a 10-gig
partition, though I've never needed anything like that much space.
I set it up right after I stuffed my original and smaller log
directory during a packet storm one day.  ;-)

It happens sometimes.

Just curious:  What did y'all do to the salesman?

Best regards,

Neil Dickey, Ph.D.
Research Associate/Sysop
Geology Department
Northern Illinois University
DeKalb, Illinois
60115


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users