[Snort-users] Snort 1.9 alert log problem

Schuler, Jeff Jeff.Schuler at ...7702...
Mon Dec 9 08:51:11 EST 2002


I recently upgraded my snort install from 1.8.7 to 1.9 on two Red Hat 7.2
boxes.  I compiled snort 1.9 with mysql support and it ran fine for about a
day.  The boxes log to a MySQL DB and to the local disk.   I then noticed
that my alert file on each box was 1.4GB in size.  One of these boxes
registers a few hundred hits a day, the other one maybe 3 hits per day, so I
couldn't figure out why both files got to be so large.  The net result was
that it filled up my /var, and when it tried to write and couldn't, the box
cored.
 
I was running the standard ruleset and the old portscan preprocessor and
that's it. 
 
Any ideas??  
 
Thanks
Jeff Schuler