[Snort-users] SnortSnarf performance

agetchel at ...1525... agetchel at ...1525...
Mon Mar 26 23:39:20 EST 2001

	If possible, how about rotating the log every day so the alert file
doesn't grow too large?  Manipulation of large log files is a problem in a
firewall application that we all know and love *coughfirewall-1cough*, and
the solution is to do an fwlogswitch when it grows above about 30MB to 40MB.


Abe L. Getchell - Security Engineer
Division of System Support Services
Kentucky Department of Education
Voice   502-564-2020x225
E-mail  agetchel at ...1525...
Web     http://www.kde.state.ky.us/

> -----Original Message-----
> From: Siddhartha Jain [mailto:s_i_d_j at ...131...]
> Sent: Monday, March 26, 2001 6:04 PM
> To: hoagland at ...47...; snort-users at lists.sourceforge.net
> Subject: [Snort-users] SnortSnarf performance
> Hi,
> I am using SnortSnarf-111500.1 to generate reports from 
> 'alert' produced by
> Snort. The problem is SnortSnarf takes too much memory and 
> time to produce
> the html once the alert file grows too large. I am running 
> SnortSnarf on a
> E220R (Dual UltraSparc-450MHz with 1GB RAM). I run SnortSnarf 
> every half an
> hour thru' cron but once the size of the alert file grows above 50 MB,
> snortsnarf takes more than half an hour to end so the html is 
> almost always
> unaccessible thru' the web server. How do i help the 
> reporting process? My
> alert file grows to >50MB in just a couple of days. This is 
> how i run snort,
> ./snort -D -de -C -i hme1 -l ../log -c ../conf/snort.conf
> TIA,
> Siddhartha
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

More information about the Snort-users mailing list