[Snort-devel] Binary (pcap) Logging Limited to 128M

Todd Wease twease at ...402...
Fri Jun 13 15:24:20 EDT 2008

In your log_tcpdump configuration, the second argument specifies the 
limit, e.g.:

output log_tcpdump: tcpdump.log 1G

Modifiers 'K', 'M' and 'G' can be used to express the number in 
kilobytes, megabytes and gigabytes respectively.

Bamm Visscher wrote:
> I don't see a way to override this other than modifying the value at
> compile time. Is that on purpose and if so, why?
> output-plugins/spo_log_tcpdump.c
> #define DEFAULT_LIMIT (128*M_BYTES)
> Bammkkkk
