[Snort-devel] Binary (pcap) Logging Limited to 128M

Bamm Visscher bamm.visscher at ...2499...
Fri Jun 13 15:29:07 EDT 2008


What about if you are just using -b from the cmd line b/c you don't
want snort in IDS mode?


On Fri, Jun 13, 2008 at 1:24 PM, Todd Wease <twease at ...402...> wrote:
> In your log_tcpdump configuration, the second argument specifies the limit,
> e.g:
>
> output log_tcpdump: tcpdump.log 1G
>
> Modifiers 'K', 'M' and 'G' can be used to express the number in kilobytes,
> megabytes and gigabytes respectively.
>
>
> Bamm Visscher wrote:
>>
>> I don't see a way to override this other than modifying the value at
>> compile time. Is that on purpose and if so, why?
>>
>> output-plugins/spo_log_tcpdump.c
>> #define DEFAULT_LIMIT (128*M_BYTES)
>>
>> Bammkkkk
>>
>>
>>
>
>



-- 
sguil - The Analyst Console for NSM
http://sguil.sf.net




More information about the Snort-devel mailing list