[Snort-users] Snort log file size is getting huge
beenph at ...11827...
Tue Jul 23 11:17:15 EDT 2013
On Tue, Jul 23, 2013 at 11:10 AM, Maged Shenouda <maged67 at ...125...> wrote:
> I finally was able to make snort logging work but it is getting huge within
> 5-10 minutes?
> The snort.conf file is set as follows
> output unified2: filename snort.log, limit 128
> but the file size is continuing to grow, it doesn't stop at the 128 MB? What
> is wrong with it? Is that normal?
> Shouldn't it record only suspicious alerts and not everything?
> here is the running process
> ps aux | grep -i "snort"
> snort 16992 5.8 1.3 594500 221484 ? Ssl 10:38 0:07
> /usr/local/bin/snort -A full -b -d -D -i eth0 -u snort -g snort -c
> /etc/snort/snort.conf -l /var/log/snort
> root 16998 0.2 0.1 146428 22416 ? Ss 10:38 0:00
> /usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -G
> /etc/snort/gen-msg.map -S /etc/snort/sid-msg.map -d /var/log/snort -f
> snort.log -w /var/log/snort/barnyard2.waldo -D
> root 17005 0.0 0.0 4404 728 pts/0 S+ 10:40 0:00 grep -i
> I even tried the snort without the -A & without -b but same result
Remove both arguments if you want your configuration file output directive to be
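The check below is an added example, not code from this thread or from the Snort project: it parses a Snort command line and a snort.conf `output unified2:` directive and reports the two command-line flags the reply tells the poster to remove (`-A`, which adds a command-line alert output, and `-b`, which adds tcpdump-format packet logging on top of the config's output directives), together with the per-file rollover size from the `limit` option. The sample command line and config fragment are constructed from the values in the quoted message; the flag descriptions and the rollover behaviour of `limit` are assumptions stated in the comments.

```python
import re
import shlex

# Constructed from the ps output quoted in the thread (not live ps output).
SAMPLE_CMDLINE = ("/usr/local/bin/snort -A full -b -d -D -i eth0 -u snort -g snort "
                  "-c /etc/snort/snort.conf -l /var/log/snort")

# Constructed snort.conf fragment carrying the directive quoted in the thread.
SAMPLE_CONF = """\
# output section
output unified2: filename snort.log, limit 128
"""

# Assumption: these flags add their own output on top of whatever the config
# file's output directives produce; -A takes a mode argument, -b does not.
OVERRIDE_FLAGS = {
    "-A": "adds a command-line alert output (alert mode)",
    "-b": "adds tcpdump-format packet logging",
}


def parse_cmdline(cmdline):
    """Return {flag: argument-or-None} for the dash options on a snort command line."""
    argv = shlex.split(cmdline)
    flags = {}
    i = 1  # skip the binary path
    while i < len(argv):
        tok = argv[i]
        if tok.startswith("-"):
            nxt = argv[i + 1] if i + 1 < len(argv) else None
            if nxt is not None and not nxt.startswith("-"):
                flags[tok] = nxt  # option with an argument, e.g. -i eth0
                i += 2
                continue
            flags[tok] = None  # bare switch, e.g. -b
        i += 1
    return flags


def parse_unified2(conf_text):
    """Return one dict per 'output unified2:' directive with its filename and limit (MB)."""
    found = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"output\s+unified2\s*:\s*(.*)$", line)
        if not m:
            continue
        opts = {}
        for part in m.group(1).split(","):
            kv = part.strip().split(None, 1)
            if len(kv) == 2:
                opts[kv[0]] = kv[1]
        found.append({
            "filename": opts.get("filename"),
            "limit_mb": int(opts["limit"]) if "limit" in opts else None,
        })
    return found


def audit(cmdline, conf_text):
    """Produce human-readable findings about output configuration and log growth."""
    findings = []
    flags = parse_cmdline(cmdline)
    for flag, why in OVERRIDE_FLAGS.items():
        if flag in flags:
            arg = f" {flags[flag]}" if flags[flag] else ""
            findings.append(f"command line has {flag}{arg}: {why}; remove it so only "
                            f"the snort.conf output directives apply")
    for d in parse_unified2(conf_text):
        if d["limit_mb"] is None:
            findings.append(f"unified2 '{d['filename']}' has no limit option")
        else:
            # Assumption: 'limit' is a per-file rollover size, not a cap on the
            # directory; a new timestamped file starts when it is reached.
            findings.append(f"unified2 '{d['filename']}' rolls over at {d['limit_mb']} MB "
                            f"per file; total disk use keeps growing until old files are removed")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_CMDLINE, SAMPLE_CONF):
        print(line)
```

Run it against the real `ps` command line and `snort.conf` to confirm that, once `-A` and `-b` are dropped, the only remaining finding concerns the unified2 rollover size, which is what a log-rotation or cleanup job then has to handle.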