[Snort-users] new user, great product, but ...

Neil Dickey neil at ...1633...
Tue Apr 22 14:09:11 EDT 2003


"Allen, Garrett" <Garrett.Allen at ...8966...> wrote:

[ ... ]
>we were able to quickly detect where
>the problem originated from and shut the machine down.  but in the meantime
>snort generated enough log files to fill /var.  ouch.  any way to slow down
>the volume of log entries?  any other operational tips?

You could use a command-line option to put the log files somewhere
other than /var until you get mysql going.  Use a filesystem with
*lots* of space, and that won't cause the operating system to pitch
a fit if it should happen to get packed.

Something like ...

  snort < ... > -l $LOGPATH < ... >

... should do it.  The filesystem I'm currently using is a 10-gig
partition, though I've never needed anything like that much space.
I set it up right after I stuffed my original and smaller log
directory during a packet storm one day.  ;-)

It happens sometimes.

Just curious:  What did y'all do to the salesman?

Best regards,

Neil Dickey, Ph.D.
Research Associate/Sysop
Geology Department
Northern Illinois University
DeKalb, Illinois
60115
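An added example, not from the original post or from the Snort project, of the kind of wrapper the advice above suggests: it checks that the `-l` directory sits on a filesystem separate from /var and has enough free space before starting Snort. The `LOGPATH` variable, the `/etc/snort/snort.conf` path and the 512 MiB threshold are assumptions.

```shell
#!/bin/sh
# Refuse to start Snort unless the -l log directory lives on a filesystem
# separate from /var and has a minimum amount of free space, so a packet
# storm fills the dedicated log partition rather than the system's /var.
# Added example; LOGPATH, the config path and the 512 MiB minimum are assumed.

MIN_FREE_KB=${MIN_FREE_KB:-524288}   # 512 MiB, chosen for this example

# Mount point backing a path (df -P prints it in the last column).
mount_of() {
    df -P "$1" | awk 'NR==2 { print $NF }'
}

# Free kilobytes on the filesystem backing a path (df -P "Available" column).
free_kb_of() {
    df -Pk "$1" | awk 'NR==2 { print $4 }'
}

# Return 0 when $1 is a usable log directory: exists, is writable, is not on
# the same filesystem as /var, and has at least MIN_FREE_KB free.
check_logdir() {
    dir=$1
    [ -d "$dir" ] && [ -w "$dir" ] || { echo "not a writable directory: $dir" >&2; return 1; }
    if [ "$(mount_of "$dir")" = "$(mount_of /var)" ]; then
        echo "$dir shares a filesystem with /var; a flood of alerts would fill both" >&2
        return 1
    fi
    free=$(free_kb_of "$dir")
    if [ "$free" -lt "$MIN_FREE_KB" ]; then
        echo "$dir has only ${free} KB free (need at least $MIN_FREE_KB KB)" >&2
        return 1
    fi
    return 0
}

# Start Snort logging to $LOGPATH only after the checks pass; extra
# arguments (e.g. -i eth0) are passed through to snort.
start_snort() {
    check_logdir "$LOGPATH" || return 1
    snort -c /etc/snort/snort.conf -l "$LOGPATH" "$@"
}

# Usage: LOGPATH=/snortlogs sh snort-wrapper.sh -i eth0
if [ -n "${LOGPATH:-}" ]; then
    start_snort "$@"
fi
```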
