[Snort-users] Alert file exceeds 2GB

Erek Adams erek at ...950...
Mon Apr 21 11:18:27 EDT 2003


On Thu, 17 Apr 2003, Erick Mechler wrote:

> :: The problem that I'm running into is importing a snort log file in
> :: tcpdump format into a mysql db using snort.  While importing this log
> :: the alert file grows to the filesystem 2GB limit and then exits.  My
> :: question is why does it write to the alert file when I'm importing into
> :: mysql.  The snort.conf file that I'm using only has this for the output
> :: line:
>
> This question has been answered a couple times on the list previously.
> Please check the archives and you should find what you're looking for.

Actually, that wasn't his question.  His question was 'Why does it (snort)
write to the alert file when I'm importing into MySQL?'.  The 2GB file
limit has been beaten to death, yes.  :)

Dusty, you need to turn off alerting/logging.  Try using '-A none' or '-N'
and see if one of those fixes it.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson



