[Snort-users] packet logging, a newbie question
brs at ...664...
Thu Oct 19 16:11:00 EDT 2000
Is it typical to run snort with packet logging off until an incident is in
progress? The server that I am initially playing with snort on has limited
disk space and snort seems to fill it up fairly quickly. What is the
typical/recommended way to control this or would I simply need to build a
server with lots of disk space.
I am currently using the rules that ship with snort during my
experimentation. Am I just fully understanding its usage yet?
Thanks in advance,
More information about the Snort-users