|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: DataShark (nomad_at_datashark.org)
Date: Fri Jan 10 2003 - 09:23:48 CST
My personal fav fix for this:
ln -s /dev/null /var/log/snort/alert
:)
DS
On Thu, 9 Jan 2003 14:53:23 -0500
"Henning, David" <henningd
fortrex.com> wrote:
> I was under the impression that any 32-bit system (x86 architecture) was
> limited to the 2GB file size. Use logrotate or something to keep the file
> sizes managable.
>
>
>
> -----Original Message-----
> From: Javier Liendo [mailto:javierliendo.net]
> Sent: Thursday, January 09, 2003 2:33 PM
> To: Sammy X; snort-userslists.sourceforge.net
> Subject: Re: [Snort-users] 2GB limit?
>
>
> hello
>
> because of the configuration you mentionend you are
> using the ext3 filesystem and afaik that's a limit
> imposed by the filesystem iteself: no file can be
> bigger than 2GB. i used to have a hogwash process that
> crashed everytime the log file grew more than 2GB
> long...hope it helps...
>
> saludos
>
> javier
>
> --- Sammy X <sammy7887yahoo.com> wrote:
> >
> > Has anyone else run into any problems where logging
> > in tcpdump format stops once the log file reaches
> > 2GB? I'm using Snort 1.8.6 (Build 105) on a Redhat
> > 7.2 box with kernel 2.4.7-10. My libpcap is the one
> > the came with Redhat (0.6.2-9). From what I've read
> > so far, it looks like the problem is with libpcap
> > not having been compiled with LFS. Any
> > thoughts/suggestions? Any help is greatly
> > appreciated! Thanks in advance.
> >
> > Sammy
> >
> >
> >
> > ---------------------------------
> > Do you Yahoo!?
> > Yahoo! Mail Plus - Powerful. Affordable. Sign up now
>
>
>
> -------------------------------------------------------
> This SF.NET email is sponsored by:
> SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
> http://www.vasoftware.com _______________________________________________
> Snort-users mailing list
> Snort-userslists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>
> ..
> .
>
>
> -------------------------------------------------------
> This SF.NET email is sponsored by:
> SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
> http://www.vasoftware.com
> _______________________________________________
> Snort-users mailing list
> Snort-userslists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE+HuWJRwl70vYIaUMRAjXOAJ93Lk1LLMyvjSHlqzfITd045EgWhQCfR592
XiyR4oSh1lVtA/wVg42O6uE=
=682e
-----END PGP SIGNATURE-----
-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]