Thu Nov 23 16:36:19 EST 2017
NOTE: By default, log_packets.sh is set up to have snort log EVERY packet on
the network. A bpf filter example is included in the script. Use bpf to tune
the amount of logging based on the available drive space. It is highly
recommended to create a separate partition for logging data to. The sensor agent
reports current disk stats to sguild, but the user is responsible for
deleting/archiving old data at this time.
Good thing diskspace is cheap :)
On Thu, Aug 07, 2003 at 06:44:36AM -0600, Slighter, Tim wrote:
> There is one issue of concern with sguil that may have an easy workaround.
> It appears that the log_packets.sh script outputs enough data to the
> /snort_data/dailylogs directory to fill up the entire filesystem in less
> than one day. There are options to write filters into this script and that
> could mitigate a significant part of the problem but these filters could
> take a substantial amount of work!
> Tim Slighter
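A small companion to the tuning advice above, added here as an example and not part of the original log_packets.sh or of the sguil project: it starts snort with a BPF filter to cut capture volume and prunes old daily logs once the log partition passes a usage threshold. The log path from the thread, the interface, the snort options (-b, -l, -i with a trailing BPF expression) and the thresholds are assumptions.

```shell
#!/bin/sh
# Added example, not the original log_packets.sh. Paths, interface,
# thresholds and snort options below are assumptions.

LOG_DIR="${LOG_DIR:-/snort_data/dailylogs}"   # path named in the thread
IFACE="${IFACE:-eth0}"                          # assumed sensor interface
RETAIN_DAYS="${RETAIN_DAYS:-7}"                 # keep this many days of packet logs
MAX_USED_PCT="${MAX_USED_PCT:-85}"              # prune once usage reaches this

# BPF filter: keep the sensor's own management traffic (SSH, syslog)
# out of full-packet capture. Tune this to the local network.
BPF_FILTER="not (port 22 or port 514)"

# Percentage of the filesystem holding $1 that is in use, as a bare number.
used_pct() {
    df -P "$1" | awk 'NR == 2 { sub("%", "", $5); print $5 }'
}

# List regular files under $1 whose mtime is older than $2 days; this is
# the candidate set for archiving or deletion.
old_logs() {
    find "$1" -type f -mtime +"$2" 2>/dev/null
}

# Delete old logs under $1 (older than $2 days) only when usage of the
# partition is at or above $3 percent. Prints "pruned" or "ok".
prune_if_full() {
    dir="$1"; days="$2"; limit="$3"
    pct=$(used_pct "$dir")
    if [ "$pct" -ge "$limit" ]; then
        old_logs "$dir" "$days" | while IFS= read -r f; do rm -f "$f"; done
        echo "pruned"
    else
        echo "ok"
    fi
}

# The capture command: binary (pcap) logging into LOG_DIR on IFACE, with
# the BPF expression passed as trailing arguments as tcpdump does.
snort_cmdline() {
    printf 'snort -b -l %s -i %s %s\n' "$LOG_DIR" "$IFACE" "$BPF_FILTER"
}

# Sensor loop (uncomment to use): prune first, then hand off to snort.
# prune_if_full "$LOG_DIR" "$RETAIN_DAYS" "$MAX_USED_PCT"
# exec snort -b -l "$LOG_DIR" -i "$IFACE" $BPF_FILTER
```

Run prune_if_full from cron between captures; it never touches files newer than RETAIN_DAYS, so a full partition still keeps the most recent logs.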