[Snort-users] 2.0 GB Max file size on linux packet captures
cpw at ...440...
Thu Sep 25 13:51:05 EDT 2003
Build your own libpcap by hardcodeing this into your Makefile:
DEFS = -DHAVE_CONFIG_H -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE
and do a 'make clean all'.
and, if you are building an application which reads and writes files
which could get larger than 2G, that does not use libpcap than just make
sure you incorporate the BITS and SOURCE defines in your make file.
PS: if you are really into rolling your own, try the pcap distribution
at http://public.lanl.gov/cpw (Number 2). It builds with large files
in mind and captures more packets than the other "distros".
On Wed, Sep 24, 2003 at 04:42:18PM -0600, Scott Williams (Network) wrote:
> When I do tcpdump or snort packet captures to disk, I keep hitting a max
> file size of 2GB. I've tried different versions of RedHat. From web
> searches, it seems like I need to enable Large File Support (LFS), but
> this doesn't seem well documented or supported.
> Does anyone have experience doing this or is there a linux distro that
> defaults to LFS?
Phil Wood (cpw_at_lanl.gov)
More information about the Snort-users