[Snort-users] snort just stops when more than 32000 alerts (different IPs) are generated

maguiler at ...10756... maguiler at ...10756...
Mon Dec 15 07:44:27 EST 2003


Hi

The network I’m monitoring is quite big (actually it’s huge). Every time, it
works fine until more than 32000 alerts (different IPs) are generated.
When this happens, snort just stops, probably because of an operating system
restriction.

This happens, in my networks, about every 20-30 minutes, and the reported
error is about the impossibility of creating more directories within the
snort logging directories. Of course, after the directory is cleaned
(restored to zero contents) everything runs fine for a while until 32000
different IP alerts are generated again.

Could you help me, I mean any clue about how to work around the problem?
Anyone with the same problem to resolve? Is it a common complaint? Have
you plans to overcome this limitation?

Thank you!

Meilys AM





