Re: Snort dies

[Erek Adams <erek () theadamsfamily net>]

On Thu, 7 Nov 2002, Peter Param wrote:

> I've had a similar problem and I couldn't find any logging message for
> clues until I started snort without any parameters in /etc/snort and
> killed it after which I got...<file size exceeded.. stopping> or
> something similar.  I archived the logs and restarted snort to fix this.
>  Is there a parameter/code in snort that would delimit log file size?

Nope.  When Marty first wrote Snort, one thing that was stressed was that
Snort was 'lightweight'.  Now as time and things have changed, it's not
quite as light as it was, but it's till not a huge pig.  Oh, please pardon
the pun....  :)

To my knowledge, you're going to have to stop Snort and restart it each
time that you want to rotate your log files.  There might be a better way,
but that's the best suggestion that I can offer right now.

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net



-------------------------------------------------------
This sf.net email is sponsored by: See the NEW Palm 
Tungsten T handheld. Power & Color in a compact size!
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users