Snort mailing list archives

Re: FATAL ERROR: OpenLogFile:::Too many links


From: Erek Adams <erek () snort org>
Date: Tue, 15 Jul 2003 15:03:39 -0400 (EDT)

On Tue, 15 Jul 2003, JP Vossen wrote:

> A colleague is getting the following error, after which Snort dies.  Google,
> this list archive, the FAQ and a quick look at the source did not help.
>
> snort: FATAL ERROR: OpenLogFile() =>mkdir(/var/log/snort/64.xxx.xxx.xxx) log
> directory: Too many links
>
> He also tells me that "/var/log/snort is chock full of subdirectories."
>
> He's running snort-2.0.0.tar.gz compiled from scratch on RedHat 9.0 with a
> pretty simple command line:
>       snort -D -i eth0 -c /%path_to_snort.conf%
>
> I can get the conf file if anyone cares.
>
> Anyone have any idea?

Yep.  "/var/log/snort is chock full of subdirectories."  ;-)

He's decoding to disk.  Each IP gets its own directory, with data
inside.  There are simply too many directories for the OS to handle.  He
can either switch to binary logging, or try to rebuild his kernel so that
the file limit per directory is increased.  Honestly, the first option is
the better one.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson
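
Added example, not part of the original message: a shell check that counts the per-IP subdirectories under a Snort log directory and compares the count with the filesystem's link limit, so the condition behind "Too many links" can be spotted before Snort exits. The function names, the 80% warning threshold and the script name `check_links.sh` are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: the parent directory holds
# 2 links itself and gains one per subdirectory (each child's ".."), so at
# most LINK_MAX - 2 subdirectories fit, as on ext2/ext3.

# count_subdirs DIR: print the number of immediate subdirectories.
count_subdirs() {
    # Per-IP directory names contain no newlines, so counting lines is safe.
    find "$1" -mindepth 1 -maxdepth 1 -type d -print | wc -l | tr -d ' '
}

# link_headroom DIR [LINK_MAX] [WARN_PCT]
# Prints "used=N max=M pct=P status=S"; returns 0 (ok), 1 (warn), 2 (full),
# or 3 when no usable limit is available.
link_headroom() {
    dir=$1
    # Ask the filesystem for its limit unless the caller supplies one.
    limit=${2:-$(getconf LINK_MAX "$dir" 2>/dev/null)}
    warn_pct=${3:-80}
    case $limit in
        ''|*[!0-9]*) echo "status=unknown (no numeric LINK_MAX for $dir)"; return 3 ;;
    esac
    [ "$limit" -gt 2 ] || { echo "status=unknown (LINK_MAX=$limit)"; return 3; }
    used=$(count_subdirs "$dir")
    max=$((limit - 2))
    pct=$((used * 100 / max))
    if [ "$used" -ge "$max" ]; then
        status=full; rc=2      # the next mkdir() fails with "Too many links"
    elif [ "$pct" -ge "$warn_pct" ]; then
        status=warn; rc=1
    else
        status=ok; rc=0
    fi
    echo "used=$used max=$max pct=$pct status=$status"
    return "$rc"
}

# Script usage: sh check_links.sh /var/log/snort
if [ "$#" -gt 0 ]; then
    link_headroom "$@"
fi
```

Run from cron against the log directory, a non-zero exit status gives warning while there is still time to switch to binary logging or archive old per-IP directories.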

