[Snort-users] SnortSnarf

Helmut Schneider jumper99 at ...348...
Sun Oct 20 05:16:02 EDT 2002


First of all, if this is OT, please tell me where I could post...

I use SnortSnarf with my logs. The problem is that it uses a huge amount of
memory. I use OpenBSD31 on a 266PII with 256MB RAM and a 256MB swap file.
If the portscan.log is just 2MB file size, perl needs 64MB of memory. But my
logfile grows 2MB a day, so you can imagine the problem.
But not enough, the new portscan log2 format (snort1.9) is even about 8
times bigger!

What can I do? Use another tool (ACID)?! Buy another 16GB of memory and
another 160GB drive just for the swap file?! ;)
I would like to get at least 3 months logged.

Thanks, Helmut
