Snort mailing list archives

Re: 2GB limit on alert log

From: Shane Williams <shanew () shanew net>
Date: Thu, 22 Jul 2004 17:42:23 -0500 (CDT)

On Wed, 21 Jul 2004, Aaron wrote:

Has anyone found a good procedure for getting past the 2GB 
limit on snorts alert log?

[snipped]

I tried recompiling libpcap with -D_FILE_OFFSET_BITS=64 
and -D_LARGEFILE_SOURCE but that did not seem to help.


When you say the "alert log" do you mean the plain text file that
lists the various alerts?  If so, then recompiling libpcap wouldn't
help (since it only has to do with network capture files), as you
learned.  If you haven't already, you might try recompiling snort
itself with those two options and see if that helps.

-- 
Public key #7BBC68D9 at            |                 Shane Williams
http://pgp.mit.edu/                |      System Admin - UT iSchool
=----------------------------------+-------------------------------
All syllogisms contain three lines |              shanew () shanew net
Therefore this is not a syllogism  | www.ischool.utexas.edu/~shanew



-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

2GB limit on alert log Aaron (Jul 21)
- Re: 2GB limit on alert log Keith W. McCammon (Jul 21)
- Re: 2GB limit on alert log Shane Williams (Jul 22)