[Snort-users] Alert file exceeds 2GB

Dusty Hall halljer at ...8709...
Thu Apr 17 09:30:08 EDT 2003


The problem that I'm running into is importing a snort log file in
tcpdump format into a mysql db using snort.  While importing this log
the alert file grows to the filesystem 2GB limit and then exits.  My
question is why does it write to the alert file when I'm importing into
mysql.  The snort.conf file that I'm using only has this for the output
line:

output database: log, mysql, user=***** password=***** dbname=snort host=localhost sensor_name=2

Command line syntax:

/usr/local/bin/snort -dve -c /usr/local/snort/etc/snort.conf -l /usr/local/snort/logs -dr /usr/local/snort_logs/tcplogs/snort-0417\@0000.log &> /dev/null

Any advice would be greatly appreciated.

Thanks,


-Dusty



