Snort mailing list archives
>2Gb capture files
From: "Mayers, Philip J" <p.mayers () ic ac uk>
Date: Mon, 25 Jun 2001 10:59:46 +0100
We have a rather high-traffic site, and I just had an embarrassing experience - the snort machine runs RedHat 7.0, and I was running it under screen, so that if it dumped core, I'd see the error messages (It hasn't - nice and stable). However, once the log file reached 2Gb, snort (or glibc) stopped writing... Losing us 18 days of binary packet captures (doh!)

Anyway, I have two questions:

1) Does anyone have a good snort logrotate script?
2) If I upgrade the system to RedHat 7.1, will snort/libpcap suddenly be "ok" with such large files?

Regards,
Phil

+----------------------------------+
| Phil Mayers, Network Support     |
| Centre for Computing Services    |
| Imperial College                 |
+----------------------------------+
Current thread:
- >2Gb capture files Mayers, Philip J (Jun 25)
- Re: >2Gb capture files Kiira Triea (Jun 25)
- Re: >2Gb capture files Chris Green (Jun 25)
- <Possible follow-ups>
- Re: >2Gb capture files Matthew Collins (Jun 25)
- RE: >2Gb capture files Mayers, Philip J (Jun 26)
- Re: >2Gb capture files Ralf Hildebrandt (Jun 26)