[Snort-users] Alert file exceeds 2GB
erek at ...950...
Mon Apr 21 11:18:27 EDT 2003
On Thu, 17 Apr 2003, Erick Mechler wrote:
> :: The problem that I'm running into is importing a snort log file in
> :: tcpdump format into a mysql db using snort. While importing this log
> :: the alert file grows to the filesystem 2GB limit and then exits. My
> :: question is why does it write to the alert file when I'm importing into
> :: mysql. The snort.conf file that I'm using only has this for the output
> :: line:
> This question has been answered a couple times on the list previously.
> Please check the archives and you should find what you're looking for.
Actually, that wasn't his question. His question was 'Why does it (snort)
write to the alert file when I'm importing into MySQL?'. The 2GB file
limit has been beaten to death, yes. :)
Dusty, you need to turn off alerting/logging. Try using '-A none' or '-N'
and see if one of those fixes it.
"When things get weird, the weird turn pro." H.S. Thompson