Snort mailing list archives
Re: 2.0 GB Max file size on linux packet captures
From: Shane Williams <shanew () shanew net>
Date: Wed, 24 Sep 2003 18:35:12 -0500 (CDT)
Note that it's not just the OS or Filesystem that needs LFS support, but libpcap as well. Most 2.4 kernel based linux distros can already handle large files, but for some reason, many of the libs and utilities they provide don't use it. In my experience libpcap is one of these. For me, this has meant recompiling libpcap with the extra flags mentioned at the URL Erek provided (and then recompiling tcpdump or snort, though I don't think they need the flags themselves, they just need to point to the right libpcap).

On Wed, 24 Sep 2003, Erek Adams wrote:
> On Wed, 24 Sep 2003, Scott Williams (Network) wrote:
>
>> When I do tcpdump or snort packet captures to disk, I keep hitting a max file size of 2GB. I've tried different versions of RedHat. From web searches, it seems like I need to enable Large File Support (LFS), but this doesn't seem well documented or supported. Does anyone have experience doing this or is there a linux distro that defaults to LFS?
>
> Sure. It's called "Solaris" or "OpenBSD". ;-)
>
> http://www.suse.de/~aj/linux_lfs.html
>
> (All your answers belong to Google)
>
> Cheers!
>
> -----
> Erek Adams
>
> "When things get weird, the weird turn pro." H.S. Thompson
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
--
Public key #7BBC68D9 at            | Shane Williams
http://pgp.mit.edu/                |  System Admin - UT iSchool
=----------------------------------+-------------------------------
All syllogisms contain three lines | shanew () shanew net
Therefore this is not a syllogism  | www.ischool.utexas.edu/~shanew
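The point made in the message above, as an added example that is not part of the original post or of libpcap: a small C probe that reports whether a program built with a given set of flags gets a 64-bit off_t and can actually grow a file past the 2 GiB boundary. It assumes the "extra flags" are the standard glibc LFS macros (_FILE_OFFSET_BITS=64 and _LARGEFILE_SOURCE); the function names and the probe file name are made up for the example.

```c
/* Added example (not from the thread): probe for Large File Support. */
#define _FILE_OFFSET_BITS 64   /* assumed LFS flag: 64-bit off_t on 32-bit Linux */
#define _LARGEFILE_SOURCE      /* assumed LFS flag: exposes fseeko()/ftello() */
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Width of off_t in bits for this build; 32 means no LFS. */
int lfs_offset_bits(void) { return (int)(sizeof(off_t) * 8); }

/* Create a sparse file with one byte just past the 2 GiB boundary.
 * Returns 1 if the file grew past 2^31 bytes, 0 if a size limit was hit,
 * -1 if the probe file could not be created. The file is always removed. */
int can_write_past_2gib(const char *path)
{
    const long long boundary = 2147483648LL;   /* 2^31 bytes */
    struct stat st;
    int ok = 0;

    if (sizeof(off_t) < 8)
        return 0;                   /* offset cannot even be represented */
    signal(SIGXFSZ, SIG_IGN);       /* get EFBIG from write(), not a signal */
    int fd = open(path, O_CREAT | O_TRUNC | O_WRONLY, 0600);
    if (fd < 0)
        return -1;
    if (lseek(fd, (off_t)boundary, SEEK_SET) == (off_t)boundary &&
        write(fd, "x", 1) == 1 &&
        fstat(fd, &st) == 0 &&
        (long long)st.st_size == boundary + 1)
        ok = 1;
    close(fd);
    unlink(path);                   /* sparse file: frees almost nothing */
    return ok;
}

int main(void)
{
    printf("off_t is %d bits\n", lfs_offset_bits());
    printf("write past 2 GiB: %d\n", can_write_past_2gib("lfs_probe.tmp"));
    return 0;
}
```

On a 32-bit system, deleting the two #define lines and passing the flags on the compiler command line instead shows the difference between a non-LFS and an LFS build of the same source.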
Current thread:
- 2.0 GB Max file size on linux packet captures Scott Williams (Network) (Sep 24)
- Re: 2.0 GB Max file size on linux packet captures Erek Adams (Sep 24)
- Re: 2.0 GB Max file size on linux packet captures Shane Williams (Sep 24)
- Re: 2.0 GB Max file size on linux packet captures Dragos Ruiu (Sep 24)
- Re: 2.0 GB Max file size on linux packet captures Phil Wood (Sep 25)
- Re: 2.0 GB Max file size on linux packet captures Erek Adams (Sep 24)