[Snort-users] >2Gb capture files

Mayers, Philip J p.mayers at ...1913...
Tue Jun 26 05:35:45 EDT 2001

Except that a simple HUP doesn't work if you don't run as root (you don't
run as root, right?)


| Phil Mayers, Network Support     |
| Centre for Computing Services    |
| Imperial College                 |

-----Original Message-----
From: Ralf Hildebrandt [mailto:Ralf.Hildebrandt at ...821...]
Sent: 25 June 2001 12:24
To: vogt at ...2362...
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] >2Gb capture files

On Mon, Jun 25, 2001 at 12:37:21PM +0200, vogt at ...2362... wrote:

> look at what kernel 7.1 uses. the 2.4 kernel series supports files larger
> than 2 gb (anyone
> know where the new upper limit is?). so if 7.1 is 2.4.x then you should be
> fine. or you could stay at 7.0 and just upgrade the kernel.

But, really, try restarting snort maybe once a day.

Snort creates a new binary logfile. You can delete old files simply by
using find. 

It's a non-problem...
ralf.hildebrandt at ...821...                            innominate AG
Technical Consultant                   Don't be afraid of what you see -
Diplom-Informatiker                     be afraid of what you don't see!
tel: +49.(0)7000.POSTFIX                        fax: +49.(0)30.308806-77

Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list