[Snort-users] Snort log file size is getting huge

waldo kitty wkitty42 at ...14940...
Tue Jul 23 12:25:17 EDT 2013


On 7/23/2013 11:18, Maged Shenouda wrote:
> I am sorry, but the local.rules file was active with the following rules, that's
> why I got hit with everything

ahh, yes... you did first place those as local.rules instead of local-test.rules 
as instructed... that will definitely cause snort to read and log all traffic...

> but even though, shouldn't it be limited to 128 mb accorfing to the snort.conf?

i haven't dug into the code by it may do that during a quiet period when it is 
not busy snorting traffic... the main goal is to snort traffic so other tasks 
may be put off until a quiet period... just a WAG on my part ;)

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.




More information about the Snort-users mailing list