[Snort-devel] snort Version 2.8.6.rc (Build 16), option -r large.pcap, ... Value too large for defined data type
cpw at ...86...
Tue Feb 23 14:37:36 EST 2010
Not a real big deal. But ...
Error getting stat on pcap file: /data/1266949500.000024.pcap: Value too large for defined data type
ERROR: Error getting pcaps.
Fatal Error, Quitting..
# this file is 5 minutes worth of pcap
$ ls -l /data/1266949500.000024.pcap
-rw-rw-r-- 1 grok grok 10429540832 2010-02-23 11:30 /data/1266949500.000024.pcap
$ /etc/snort/snort -V
,,_ -*> Snort! <*-
o" )~ Version 2.8.6.rc (Build 16)
'''' By Martin Roesch & The Snort Team:
Copyright (C) 1998-2010 Sourcefire, Inc., et al.
Using PCRE version: 7.8 2008-09-05
Not a big deal, I can get around the problem by piping pcap files to
snort. But, it seams reasonable to expect that snort could read large
files. Maybe I just need to know the right configuration option when
building it, or there is an option I don't see off the bat, or there is
another release out!
C. Philip Wood, Int. D.
Senior Member of the Internet
Los Alamos National Laboratory
Key fingerprint: 2BB7 A990 44F5 EF4B 4E35 8635 1205 97D3 F6D8 7F39
E-mail: cpw at ...86..., cornett at ...388...
Phone: 505 667-2598
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 197 bytes
Desc: This is a digitally signed message part
More information about the Snort-devel