[Snort-devel] Limit size on pcap files?

Camilo Viecco cviecco at ...1183...
Tue Jan 25 05:43:06 EST 2005


Hello List..

On Jan 13 I sent an email to Daniel Roelker with my proposed changes and 
patch. I have not had any response since then (maybe the email got lost? 
maybe my spam filters are too agresive?). Anyway I am resubmmiting my 
patch here.

I added two new flags to the snort command line to control the way it 
works (-G max_packet count and -H max_file_size_in_megs).

The system also limits the number of new files to 1 per sec, to:
1. avoid going to much to the filesystem
2. more important-> avoid replacement of old files for name clash!

Hope you enjoy them, the diff files are based on snort-2.3.0RC2.

Any questions, do not hesitate to contact me.


Camilo Viecco
ANML Indiana University


-------------- next part --------------
A non-text attachment was scrubbed...
Name: snort.c
Type: text/x-c
Size: 68294 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20050125/b1b9e7a7/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: snort.h
Type: text/x-c-header
Size: 9458 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20050125/b1b9e7a7/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: spo_log_tcpdump.c
Type: text/x-c
Size: 14788 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20050125/b1b9e7a7/attachment-0002.bin>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: snort.c.diff
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20050125/b1b9e7a7/attachment.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: snort.h.diff
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20050125/b1b9e7a7/attachment-0001.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: spo_log_tcpdump.c.diff
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20050125/b1b9e7a7/attachment-0002.ksh>


More information about the Snort-devel mailing list