Snort mailing list archives
RE: Filesize limit exceeded
From: counter.spy () gmx de
Date: Wed, 1 May 2002 10:16:55 +0200 (MEST)
Kris,
> I'm running snort while logging to a mysql database (ACID):
>
>   output database: alert, mysql, user=user password=pass dbname=snort host=localhost
>
> I changed the 'alert' from 'log' to get portscan data, and now I'm getting
> Filesize limit exceeded errors from the size of my /var/log/snort directory.
> Is there a way to monitor portscans from ACID without logging to /var/log/snort?

Have you tried logging to /dev/null? ;)

E.g. if you want to throw away your locally stored portscans file, change

  preprocessor portscan: 0.0.0.0/0 5 3 portscan.log

to

  preprocessor portscan: 0.0.0.0/0 5 3 /dev/null

but I wouldn't do that, because I like to tail -f on the portscan file in order to view portscans in near-realtime.

If you want to throw away all of the log files, specify -l /dev/null on the command line. I haven't tried this, but I think it could do exactly what you asked for.

> I'm running Linux 2.4.17.
> Thank you.
> Hopefully someday, I'll be answering more questions rather than asking them.

NP, let me know if it works for you :)

> -Kris

Greetings,
Detmar

--
GMX - The communication platform on the Internet.
http://www.gmx.net
Current thread:
- Filesize limit exceeded krista l merrill (Apr 30)
- <Possible follow-ups>
- RE: Filesize limit exceeded counter . spy (May 01)
- RE: Filesize limit exceeded Erek Adams (May 01)