[Snort-users] Snort log file size is getting huge

beenph beenph at ...11827...
Tue Jul 23 11:17:15 EDT 2013


On Tue, Jul 23, 2013 at 11:10 AM, Maged Shenouda <maged67 at ...125...> wrote:
> I finally was able to make snort logging work but it is getting huge within
> 5-10 minutes?
> The snort.conf file is set as follows
>
> output unified2: filename snort.log, limit 128
>
> but the file size is continuing to grow, it doesn't stop at the 128 MB. What
> is wrong with it? Is that normal?
>
> shouldn't it record only suspicious alerts and not everything?
>
> here is the running process
>
> ps aux | grep -i "snort"
>
> snort    16992  5.8  1.3 594500 221484 ?       Ssl  10:38   0:07
> /usr/local/bin/snort -A full -b -d -D -i eth0 -u snort -g snort -c
> /etc/snort/snort.conf -l /var/log/snort
>
> root     16998  0.2  0.1 146428 22416 ?        Ss   10:38   0:00
> /usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -G
> /etc/snort/gen-msg.map -S /etc/snort/sid-msg.map -d /var/log/snort -f
> snort.log -w /var/log/snort/barnyard2.waldo -D
> root     17005  0.0  0.0   4404   728 pts/0    S+   10:40   0:00 grep -i
> snort
>


> I even tried the snort without the -A & without -b but same result
>

Remove both arguments if you want your configuration file output directive to be
handled correctly.
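The reply above points at the cause: `-A full` and `-b` on the command line select their own output (an alert file and binary tcpdump packet logging) and take precedence over the `output unified2: ... limit 128` line in snort.conf. The script below is an added example, not code from the thread or from the Snort project. It spots those two flags in a snort command line, reads the configured unified2 rollover size out of a config snippet, and lists log files that have grown past that size. The function names, the demo's file names and the sample timestamps are constructed for the example; the command line and config line in `demo` are the ones quoted in the message.

```sh
#!/bin/sh
# Added example (not from the Snort-users thread or the Snort project).
# Helper names, the sample log names and timestamps are constructed.

# Print each command-line flag that overrides the config file's output
# directive (-A selects an alert mode, -b turns on binary packet logging).
# Returns 0 when neither is present, 1 when at least one was found.
check_snort_cmdline() {
    found=0
    set -- $1                  # split the command line into words (unquoted on purpose)
    while [ $# -gt 0 ]; do
        case $1 in
            -A) echo "override: -A ${2:-?} sets the alert mode on the command line"
                found=1
                shift ;;       # also skip the mode argument (e.g. "full")
            -b) echo "override: -b turns on binary (tcpdump) packet logging"
                found=1 ;;
        esac
        if [ $# -gt 0 ]; then shift; fi
    done
    return $found
}

# Read snort.conf text on stdin and print the rollover size (MB) from the
# "output unified2: ... limit N" line; prints nothing if there is no such line.
unified2_limit_mb() {
    sed -n 's/^[[:space:]]*output[[:space:]]*unified2:.*limit[[:space:]]*\([0-9][0-9]*\).*/\1/p'
}

# List files under $1 whose name starts with $2 and whose size exceeds $3 MB.
# unified2 rolls over at the configured limit, so a single file far beyond it
# is being written by something other than the configured unified2 output.
oversized_logs() {
    dir=$1; base=$2; max_bytes=$(( $3 * 1024 * 1024 ))
    for f in "$dir"/"$base"*; do
        [ -f "$f" ] || continue
        size=$(wc -c < "$f")
        [ "$size" -gt "$max_bytes" ] && echo "$f $size"
    done
    return 0
}

# Walk through the values quoted in the message above.
demo() {
    ps_line='/usr/local/bin/snort -A full -b -d -D -i eth0 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort'
    conf='output unified2: filename snort.log, limit 128'
    check_snort_cmdline "$ps_line" || echo "drop these flags so the config output directive applies"
    limit=$(printf '%s\n' "$conf" | unified2_limit_mb)
    echo "configured unified2 rollover: ${limit:-none} MB"
    oversized_logs /var/log/snort snort.log "${limit:-128}"   # /var/log/snort is assumed
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it as `sh check_snort_output.sh demo` (any file name works) on the sensor; on a host where the directory is missing, `oversized_logs` simply prints nothing. Once the two flags are gone, the only files in the log directory should be the unified2 output rolling over at the configured size, which barnyard2 then consumes from `-d /var/log/snort -f snort.log`.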



