[Snort-users] Snort log file size is getting huge

Maged Shenouda maged67 at ...125...
Tue Jul 23 11:10:55 EDT 2013


I finally was able to make snort logging work, but it is getting huge within 5-10 minutes.
The snort.conf file is set as follows:
 
output unified2: filename snort.log, limit 128
 
but the file size is continuing to grow; it doesn't stop at 128 MB. What is wrong with it? Is that normal?
 
Shouldn't it record only suspicious alerts and not everything?
 
Here is the running process:
 
ps aux | grep -i "snort"

snort    16992  5.8  1.3 594500 221484 ?       Ssl  10:38   0:07 /usr/local/bin/snort -A full -b -d -D -i eth0 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort

root     16998  0.2  0.1 146428 22416 ?        Ss   10:38   0:00 /usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -G /etc/snort/gen-msg.map -S /etc/snort/sid-msg.map -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo -D
root     17005  0.0  0.0   4404   728 pts/0    S+   10:40   0:00 grep -i snort
 
I even tried snort without the -A and without -b, but same result.

Please help
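As an added example that is not part of the original post, the following POSIX shell check looks at the kind of unified2 spool growth described above. It assumes Snort's unified2 output naming (snort.log.<unix-timestamp>, with a new file opened whenever the per-file limit, given in MB, is reached) and uses a constructed temporary directory instead of /var/log/snort; the function names and the sample file sizes are mine, not Snort's or barnyard2's.

```shell
#!/bin/sh
# Added example (not from the original post): inspect the unified2 spool
# written by "output unified2: filename snort.log, limit N". The "limit"
# value is a per-file rollover size in MB, not a cap on the directory, so
# this check reports both per-file overruns and the total on disk.

# Usage: check_unified2_spool <logdir> <limit_mb>
# Prints one line per spool file; returns 1 if any file is over limit_mb.
check_unified2_spool() {
    logdir=$1
    limit_mb=$2
    limit_bytes=$((limit_mb * 1024 * 1024))
    status=0
    for f in "$logdir"/snort.log.*; do
        [ -f "$f" ] || continue
        size=$(wc -c < "$f" | tr -d ' ')
        if [ "$size" -gt "$limit_bytes" ]; then
            echo "OVER  $f $size bytes (limit $limit_bytes)"
            status=1
        else
            echo "ok    $f $size bytes"
        fi
    done
    return $status
}

# Usage: spool_total_bytes <logdir>
# Total bytes across all rotated spool files. The per-file limit never
# bounds this number; only removing files barnyard2 has already read does.
spool_total_bytes() {
    total=0
    for f in "$1"/snort.log.*; do
        [ -f "$f" ] || continue
        total=$((total + $(wc -c < "$f" | tr -d ' ')))
    done
    echo "$total"
}

# Constructed demo: a fake spool directory with two rotated files
# (512 KiB and 1.5 MiB) and a 1 MB per-file limit. The timestamps in the
# file names are made up to match the unified2 naming scheme.
demo_dir=$(mktemp -d)
dd if=/dev/zero bs=1024 count=512  of="$demo_dir/snort.log.1374591535" 2>/dev/null
dd if=/dev/zero bs=1024 count=1536 of="$demo_dir/snort.log.1374591800" 2>/dev/null
check_unified2_spool "$demo_dir" 1 || echo "at least one spool file exceeds the per-file limit"
echo "total spool bytes: $(spool_total_bytes "$demo_dir")"
rm -rf "$demo_dir"
```

The point of the second function is the one a practitioner hits in practice: a growing /var/log/snort with many snort.log.<timestamp> files each at or under the limit is the rotation working as configured, and disk usage is controlled by pruning files barnyard2 has finished processing (tracked through its waldo file), not by the limit itself.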