[Snort-devel] Binary (pcap) Logging Limited to 128M

Bamm Visscher bamm.visscher at ...2499...
Fri Jun 13 15:39:34 EDT 2008


Can this be fixed?


On Fri, Jun 13, 2008 at 1:37 PM, Todd Wease <twease at ...402...> wrote:
> The limit can only be configured from snort.conf.
>
> Bamm Visscher wrote:
>>
>> What about if you are just using -b from the cmd line b/c you don't
>> want snort in IDS mode?
>>
>>
>> On Fri, Jun 13, 2008 at 1:24 PM, Todd Wease <twease at ...402...> wrote:
>>>
>>> In your log_tcpdump configuration, the second argument specifies the limit,
>>> e.g.:
>>>
>>> output log_tcpdump: tcpdump.log 1G
>>>
>>> Modifiers 'K', 'M' and 'G' can be used to express the number in kilobytes,
>>> megabytes and gigabytes respectively.
>>>
>>>
>>> Bamm Visscher wrote:
>>>>
>>>> I don't see a way to override this other than modifying the value at
>>>> compile time. Is that on purpose and if so, why?
>>>>
>>>> output-plugins/spo_log_tcpdump.c
>>>> #define DEFAULT_LIMIT (128*M_BYTES)
>>>>
>>>> Bamm
>>>>
>>>>
>>>>
>>>
>>
>>
>>
>
>



-- 
sguil - The Analyst Console for NSM
http://sguil.sf.net



