Snort mailing list archives

Previous By Date Next
Previous By Thread Next

SnortSnarf

From: "Helmut Schneider" <jumper99 () gmx de>
Date: Sun, 20 Oct 2002 14:15:10 +0200
Hi,

first of all if this is OT please tell me where I could post...

I use SnortSnarf with my logs. The problem is that it uses a huge amount of
memory. I use OpenBSD31 on a 266PII with 256MB RAM and a 256MB swap file.
If the portscan.log is just 2MB file size, perl needs 64MB of memory. But my
logfile grows 2MB a day, so you can imagine the problem.
But not enough, the new portscan log2 format (snort1.9) is even about 8
times bigger!

What can I do? Use another tool (ACID)?! Buy another 16GB of memory and
another 160GB drive just for the swap file?! ;)
I would like to get at least 3 months logged.

Thanks, Helmut



-------------------------------------------------------
This sf.net email is sponsored by:
Access Your PC Securely with GoToMyPC. Try Free Now
https://www.gotomypc.com/s/OSND/DD
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: