Snort mailing list archives

Re: >2Gb capture files

From: Kiira Triea <kiira-t () mail bsasinc org>
Date: Mon, 25 Jun 2001 07:31:53 -0400 (EDT)


We have a rather high-traffic site, and I just had an embarrasing experience
- the snort machine runs RedHat 7.0, and I was running it under screen, so
that if it dumped core, I'd see the error messages (It hasn't - nice and
stable). However, once the log file reached 2Gb, snort (or glibc) stopped
writing... Losing us 18 days of binary packet captures (doh!)

Anyway, I have two questions:

1) Does anyone have a good snort logrotate script?


Redhat should already have logrotate set up and the config
files in /etc/logrotate.d. It is easy just to mod/cut-paste
an entry for any new logs you need to manage. 

Kiira 

 

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

>2Gb capture files Mayers, Philip J (Jun 25)
- Re: >2Gb capture files Kiira Triea (Jun 25)
- Re: >2Gb capture files Chris Green (Jun 25)
- <Possible follow-ups>
- Re: >2Gb capture files Matthew Collins (Jun 25)
- RE: >2Gb capture files Mayers, Philip J (Jun 26)
  - Re: >2Gb capture files Ralf Hildebrandt (Jun 26)