Re: Question about snortsnarf

["Eric Joe" <sysop () tje1 com>]

How often are you parsing your log file? I have a Quad Xeon (p2-450)
server /w 512 megs of ram and I have to "rotate" my snort log daily or the
snortsnarf process becomes HUGE and hogs most of the system resources.
In all fairness, there is a ton of log entries and IMHO, most perl
proggies are resource hogs.

Eric


> Has anyone gotten this thing to work?  I've run it several times, and I
> finally cancel it after it eats all the memory and still never writes
> anything to the hard drive.
>
> I'm using /usr/local/bin/snortsnarf -d /usr/local/www/snortsnarf/
> -homenet x.x.x.x/16 -maxtime=today snort:sn0rts@snort@localhost and
> it's been running for over two hours!  Right now it's up to 295MB of
> RAM and 57.67% of the processor.  WTF???
>
> And while we're at it, what does barnyard do?
>
> Paul Schmehl (pauls () utdallas edu)
> Adjunct Information Security Officer
> The University of Texas at Dallas
> http://www.utdallas.edu/~pauls/
> AVIEN Founding Member
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list


-- 
Eric Joe
Network Operations
Journey's End Internet/Computer Connection Inc




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users