[Snort-users] packet logging, a newbie question

Bennett Samowich brs at ...664...
Thu Oct 19 09:13:31 EDT 2000


Is it typical to run snort with packet logging off until an incident is in 
progress?  The server that I am initially playing with snort on has limited 
disk space and snort seems to fill it up fairly quickly.  What is the 
typical/recommended way to control this or would I simply need to build a 
server with lots of disk space.

I am currently using the rules that ship with snort during my 
experimentation.  Am I just fully understanding its usage yet?

Thanks in advance,
- Bennett

More information about the Snort-users mailing list