Re: Snort dies after a few days.

[Shane Williams <shanew () shanew net>]

On Mon, 25 Mar 2002, Bill McCarty wrote:

> My Snort dies when a binary log file reaches a bit over 2 GB. I thought RHL 
> 7.2 and the 2.4 kernel allowed files to exceed this limit, but apparently 
> not. I'll check further when I get the version of Snort that I just 
> compiled to properly generate alerts <grin>.

This is a "bug" in the libpcap RPM that comes with RH 7.2.  I reported
this issue to RH last week as I was having the same problem with
tcpdump.

I recompiled libpcap from source using the following defines in the
Makefile and everything works fine:
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE

For more info on large file support, see
http://www.suse.de/~aj/linux_lfs.html

-- 
Public key #7BBC68D9 at            |                 Shane Williams
http://pgp.mit.edu/                |                               
=----------------------------------+-------------------------------
All syllogisms contain three lines |              shanew () shanew net
Therefore this is not a syllogism  |   www.gslis.utexas.edu/~shanew


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users