|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Shane Williams (shanew_at_shanew.net)
Date: Thu Jan 09 2003 - 16:46:46 CST
I think you should add "-shared" and "-fPIC" to the CCOPTS line, but
it's been months since I've done it, so that may not be it at all.
On Thu, 9 Jan 2003, Sammy wrote:
> Shane, I did get the source of libcap I compiled it after adding the
> following lines to the savefile.c -
> #ifdef linux
> #define _FILE_OFFSET_BITS 64
> #define _LARGEFILE64_SOURCE
> #endif
>
> However, when it compiled, it created a .a static library instead of an .so shared object library that my current Snort is running against. Any ideas how I can get a .so file compiled? Thanks.
> Shane Williams <shanew
shanew.net> wrote:Actually, this isn't a filesystem limit if you're using ext2 or ext3
> on RH 7.2
>
> It might be in snort, but from my expereince with tcpdump, I would
> suspect the libpcap package.
>
> I compiled my own libpcap because I was running into the same 2G limit
> with tcpdump. The trick is to add "-D_FILE_OFFSET_BITS=64
> -D_LARGEFILE_SOURCE" to the "DEFS =" line in your makefile. After
> replacing the RH supplied libpcap with my version, tcpdump will go
> much higher (I can't say for sure, but I've got files as large as 12G
> now).
>
> I suspect if you do a search for that string you'll more about this
> issue, and a better explanation.
>
>
> On Thu, 9 Jan 2003, Javier Liendo wrote:
>
> > hello
> >
> > because of the configuration you mentionend you are
> > using the ext3 filesystem and afaik that's a limit
> > imposed by the filesystem iteself: no file can be
> > bigger than 2GB. i used to have a hogwash process that
> > crashed everytime the log file grew more than 2GB
> > long...hope it helps...
> >
> > saludos
> >
> > javier
> >
> > --- Sammy X wrote:
> > >
> > > Has anyone else run into any problems where logging
> > > in tcpdump format stops once the log file reaches
> > > 2GB? I'm using Snort 1.8.6 (Build 105) on a Redhat
> > > 7.2 box with kernel 2.4.7-10. My libpcap is the one
> > > the came with Redhat (0.6.2-9). From what I've read
> > > so far, it looks like the problem is with libpcap
> > > not having been compiled with LFS. Any
> > > thoughts/suggestions? Any help is greatly
> > > appreciated! Thanks in advance.
> > >
> > > Sammy
> > >
> > >
> > >
> > > ---------------------------------
> > > Do you Yahoo!?
> > > Yahoo! Mail Plus - Powerful. Affordable. Sign up now
> >
> >
> >
> > -------------------------------------------------------
> > This SF.NET email is sponsored by:
> > SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
> > http://www.vasoftware.com
> > _______________________________________________
> > Snort-users mailing list
> > Snort-userslists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
>
>
-- Public key #7BBC68D9 at | Shane Williams http://pgp.mit.edu/ | System Admin - UT iSchool =----------------------------------+------------------------------- All syllogisms contain three lines | shanew------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ Snort-users mailing list Snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]