[Snort-users] 2GB limit on alert log

Shane Williams shanew at ...5387...
Thu Jul 22 15:43:06 EDT 2004


On Wed, 21 Jul 2004, Aaron wrote:

> Has anyone found a good procedure for getting past the 2GB 
> limit on snorts alert log?
[snipped]
> I tried recompiling libpcap with -D_FILE_OFFSET_BITS=64 
> and -D_LARGEFILE_SOURCE but that did not seem to help.

When you say the "alert log" do you mean the plain text file that
lists the various alerts?  If so, then recompiling libpcap wouldn't
help (since it only has to do with network capture files), as you
learned.  If you haven't already, you might try recompiling snort
itself with those two options and see if that helps.

-- 
Public key #7BBC68D9 at            |                 Shane Williams
http://pgp.mit.edu/                |      System Admin - UT iSchool
=----------------------------------+-------------------------------
All syllogisms contain three lines |              shanew at ...5387...
Therefore this is not a syllogism  | www.ischool.utexas.edu/~shanew





More information about the Snort-users mailing list