[Snort-users] Performance Question

Martin Bündgens mb at ...10481...
Thu Feb 19 17:33:01 EST 2004


I installed Snort 2.01 as a SuSE 9 RPM. The program itself logs all rule
faults in /var/log/snort as a complete snort.log and creates an extra
folder for every IP, including the fault message as a single file for that IP.

My first question: is it a common option that Snort creates an extra
folder for all IPs?
If not, how do I deactivate it?

Second question: can these tons of folders/files (about 2000-5000)
affect the server performance?

I don't think so, but one person from our data center insists that the
"snort" logging process is the problem for high loads in combination
with logrotate.

Thanks for your time.

Martin Bündens

