[Snort-users] 2.0 GB Max file size on linux packet captures

Dragos Ruiu dr at ...381...
Wed Sep 24 18:07:10 EDT 2003

On September 24, 2003 03:42 pm, Scott Williams (Network) wrote:
> When I do tcpdump or snort packet captures to disk, I keep hitting a max
> file size of 2GB. I've tried different versions of RedHat. From web
> searches, it seems like I need to enable Large File Support (LFS), but
> this doesn't seem well documented or supported.
> Does anyone have experience doing this or is there a linux distro that
> defaults to LFS?

Why do you want file segment sizes larger than this? 2gb mouthfulls are 
quite a lot. I cycle my capture files at much smaller sizes because searching 
through and copying big chunks like this are a pain. 256-512Mb you
can put on a cdr seem nice.


pgpkey http://dragos.com/ kyxpgp

More information about the Snort-users mailing list