[Snort-devel] Binary (pcap) Logging Limited to 128M
bamm.visscher at ...2499...
Fri Jun 13 15:29:07 EDT 2008
What about if you are just using -b from the cmd line b/c you don't
want snort in IDS mode?
On Fri, Jun 13, 2008 at 1:24 PM, Todd Wease <twease at ...402...> wrote:
> In your log_tcpdump configuration, the second argument specifies the limit,
> output log_tcpdump: tcpdump.log 1G
> Modifiers 'K', 'M' and 'G' can be used to express the number in kilobytes,
> megabytes and gigabytes respectively.
> Bamm Visscher wrote:
>> I don't see a way to override this other than modifying the value at
>> compile time. Is that on purpose and if so, why?
>> #define DEFAULT_LIMIT (128*M_BYTES)
sguil - The Analyst Console for NSM
More information about the Snort-devel