[Snort-users] Snort 1.9 alert log problem
Jeff.Schuler at ...7702...
Mon Dec 9 08:51:11 EST 2002
I recently upgraded my Snort install from 1.8.7 to 1.9 on two Red Hat 7.2
boxes. I compiled Snort 1.9 with MySQL support and it ran fine for about a
day. The boxes log to a MySQL DB and to the local disk. I then noticed
that my alert file on each box was 1.4GB in size. One of these boxes
registers a few hundred hits a day, the other one maybe 3 hits per day, so I
couldn't figure out why both files got to be so large. The net result was
that it filled up my /var and when it tried to write and couldn't the box
I was running the standard ruleset and the old portscan preprocessor and