[Snort-users] FATAL ERROR: OpenLogFile:::Too many links
erek at ...950...
Tue Jul 15 12:05:02 EDT 2003
On Tue, 15 Jul 2003, JP Vossen wrote:
> A colleague is getting the following error, after which Snort dies. Google,
> this list archive, the FAQ and a quick look at the source did not help.
> snort: FATAL ERROR: OpenLogFile() =>mkdir(/var/log/snort/64.xxx.xxx.xxx) log
> directory: Too many links
> He also tells me that "/var/log/snort is chock full of subdirectories."
> He's running snort-2.0.0.tar.gz compiled from scratch on RedHat 9.0 with a
> pretty simple command line:
> snort -D -i eth0 -c /%path_to_snort.conf%
> I can get the conf file if anyone cares.
> Anyone have any idea?
Yep. "/var/log/snort is chock full of subdirectories." ;-)
He's decoding to disk. Each IP get's it's own directory, with data
inside. There are simply too many directories for the OS to handle. He
can either switch to binary logging, or try to rebuild his kernel so that
the file limit per directory is increased. Honestly, the first option is
the better one.
"When things get weird, the weird turn pro." H.S. Thompson
More information about the Snort-users