[Snort-users] FATAL ERROR: OpenLogFile:::Too many links

Chris Green cmg at ...1935...
Wed Jul 16 07:17:20 EDT 2003


JP Vossen <vossenjp at ...8683...> writes:

> A colleague is getting the following error, after which Snort dies.  Google,
> this list archive, the FAQ and a quick look at the source did not help.
>
> snort: FATAL ERROR: OpenLogFile() =>mkdir(/var/log/snort/64.xxx.xxx.xxx) log
> directory: Too many links
>
> He also tells me that "/var/log/snort is chock full of subdirectories."
>
> He's running snort-2.0.0.tar.gz compiled from scratch on RedHat 9.0 with a
> pretty simple command line:
> 	snort -D -i eth0 -c /%path_to_snort.conf%
>
> I can get the conf file if anyone cares.
>
> Anyone have any idea?

Default logging mode doesn't scale well. Remove the chockful of
directories and use -A fast -b :)
-- 
Chris Green <cmg at ...1935...>
To err is human, to moo bovine.




More information about the Snort-users mailing list