Snort mailing list archives
Re: snort tcpdump binary file mirroing overnetwork.
From: Michael Sierchio <kudzu () tenebras com>
Date: Sat, 25 Oct 2003 17:29:54 -0700
You may not find this particularly helpful, but I'll mention it anyway.

On a different sensor box (these are Soekris net4501s, adequate for *recording* all packets at T1 rate), I run tcpdump as a service:

    tcpdump -n -i sis1 -s 0 -w /var/tcpdump/rawdump -C 8

which writes to a file on a memory (RAM) disk so that the file is closed and a new file written to when the size exceeds 8,000,000 bytes. A cron job runs each minute to move any old files off of the machine, which has no disk other than a compact flash.

This seems to work reasonably well, and doesn't require the Phil Wood patch at the current data rate.
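An added example, not part of the original message: one way the per-minute cron job described above could move closed `-C` segments off the RAM disk without touching the file tcpdump still has open. The function name, the lock directory, the destination file naming and the idea that the destination is a path on other storage (for instance a network mount) are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the original post): move closed `tcpdump -C`
# segments off a RAM disk. Usage: ship.sh SRC_DIR PREFIX DEST_DIR
# DEST_DIR is an assumption: any path on other storage (e.g. a network mount).

ship_closed_segments() {
    src=$1; prefix=$2; dest=$3
    shipped=0
    lock="$src/.ship.lock"

    # cron fires every minute; skip this run if the previous one is still busy.
    mkdir "$lock" 2>/dev/null || { echo 0; return 0; }

    # Timestamp prefix keeps a restarted tcpdump (which reuses the same
    # segment names) from overwriting captures already shipped.
    stamp=$(date +%Y%m%dT%H%M%S)
    first=1
    # Single snapshot, newest first. The newest file is the one tcpdump
    # still has open, so it is skipped; everything older is closed.
    for name in $(cd "$src" && ls -t -- "$prefix"* 2>/dev/null); do
        if [ "$first" -eq 1 ]; then first=0; continue; fi
        part="$dest/.$name.part"
        final="$dest/$stamp-$name.pcap"
        # Copy, verify byte-for-byte, publish atomically, then free the RAM.
        if cp "$src/$name" "$part" && cmp -s "$src/$name" "$part" \
           && mv "$part" "$final"; then
            rm -f "$src/$name"
            shipped=$((shipped + 1))
        else
            rm -f "$part"   # leave the source in place for the next run
        fi
    done

    rmdir "$lock"
    echo "$shipped"   # number of segments moved in this run
}

if [ "$#" -eq 3 ]; then
    ship_closed_segments "$@"
fi
```

Because the newest file is always treated as the active one, the last segment stays on the RAM disk after tcpdump is stopped and has to be collected separately.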