Snort mailing list archives
Re: Snort log file size is getting huge
From: Maged Shenouda <maged67 () hotmail com>
Date: Tue, 23 Jul 2013 11:18:40 -0400
I am sorry, but the local.rules file was active with the following rules, that's why I got hit with everything:

alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"tcp traffic inbound"; classtype:tcp-connection; sid:1; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"tcp traffic outbound"; classtype:tcp-connection; sid:2; rev:1;)
alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"ip traffic inbound"; classtype:unknown; sid:3; rev:1;)
alert ip $HOME_NET any -> $EXTERNAL_NET any (msg:"ip traffic outbound"; classtype:unknown; sid:4; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"udp traffic inbound"; classtype:misc-activity; sid:5; rev:1;)
alert udp $HOME_NET any -> $EXTERNAL_NET any (msg:"udp traffic outbound"; classtype:misc-activity; sid:6; rev:1;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"icmp traffic inbound"; classtype:icmp-event; sid:7; rev:1;)
alert icmp $HOME_NET any -> $EXTERNAL_NET any (msg:"icmp traffic outbound"; classtype:icmp-event; sid:8; rev:1;)

But even so, shouldn't it be limited to 128 MB according to the snort.conf?

From: maged67 () hotmail com
To: snort-users () lists sourceforge net
Date: Tue, 23 Jul 2013 11:10:55 -0400
Subject: [Snort-users] Snort log file size is getting huge

I finally was able to make snort logging work, but it is getting huge within 5-10 minutes. The snort.conf file is set as follows:

output unified2: filename snort.log, limit 128

but the file size is continuing to grow; it doesn't stop at 128 MB. What is wrong with it? Is that normal? Shouldn't it record only suspicious alerts and not everything?

Here is the running process:

ps aux | grep -i "snort"
snort    16992  5.8  1.3 594500 221484 ?  Ssl  10:38   0:07 /usr/local/bin/snort -A full -b -d -D -i eth0 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort
root     16998  0.2  0.1 146428  22416 ?  Ss   10:38   0:00 /usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -G /etc/snort/gen-msg.map -S /etc/snort/sid-msg.map -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo -D
root     17005  0.0  0.0   4404    728 pts/0  S+   10:40   0:00 grep -i snort

I even tried snort without the -A and without -b, but same result.

Please help

------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users

Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
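Editor's note on the thread above. In Snort's unified2 output, `limit 128` is the size (in MB) at which the current spool file is rolled over to a new `snort.log.<epoch>` file; it does not cap what the directory holds, so with eight "alert on everything" rules in local.rules the spool keeps growing across files. The quickest way to see which rule is producing the volume is to read the spool files themselves rather than wait for barnyard2. The script below is an added example, not code from this thread or from the Snort project: it walks a unified2 file record by record and tallies IDS event records per (gid, sid). The record layout follows Snort's Unified2_common.h (4-byte type and 4-byte length in network byte order, then the payload; type 7 is the IPv4 IDS event whose payload opens with sensor_id, event_id, event_second, event_microsecond, signature_id, generator_id, signature_revision). The sample spool it runs on when no file is given is constructed inline, and the function and constant names are my own.

```python
"""Tally unified2 alert records per (gid, sid) to find which rule floods the log.

Added example, not code from the original thread or from Snort. Layout per
Snort's Unified2_common.h: record = uint32 type, uint32 length (network order),
then `length` bytes of payload.
"""
import struct
from collections import Counter

UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7               # IPv4 event, 52-byte payload
UNIFIED2_IDS_EVENT_IPV6 = 72
UNIFIED2_IDS_EVENT_VLAN = 104
UNIFIED2_IDS_EVENT_IPV6_VLAN = 105
EVENT_TYPES = {UNIFIED2_IDS_EVENT, UNIFIED2_IDS_EVENT_IPV6,
               UNIFIED2_IDS_EVENT_VLAN, UNIFIED2_IDS_EVENT_IPV6_VLAN}

RECORD_HDR = struct.Struct("!II")    # type, length
# The first seven uint32 fields are common to every IDS event variant:
# sensor_id, event_id, event_second, event_microsecond, signature_id,
# generator_id, signature_revision.
EVENT_PREFIX = struct.Struct("!7I")


def iter_records(data):
    """Yield (type, payload) for every complete record in a unified2 byte string.

    A trailing partial record (Snort still writing, or a cut-off file) is
    skipped instead of raising, which is what you want on a live spool.
    """
    off = 0
    while off + RECORD_HDR.size <= len(data):
        rtype, length = RECORD_HDR.unpack_from(data, off)
        off += RECORD_HDR.size
        if off + length > len(data):
            break                    # truncated record: stop cleanly
        yield rtype, data[off:off + length]
        off += length


def tally_alerts(data):
    """Return a Counter keyed by (gid, sid) over all IDS event records."""
    counts = Counter()
    for rtype, payload in iter_records(data):
        if rtype in EVENT_TYPES and len(payload) >= EVENT_PREFIX.size:
            _sensor, _eid, _sec, _usec, sid, gid, _rev = EVENT_PREFIX.unpack_from(payload)
            counts[(gid, sid)] += 1
    return counts


def top_rules(data, n=3):
    """Return [(gid, sid, count), ...] for the n busiest rules, largest first."""
    return [(gid, sid, c) for (gid, sid), c in tally_alerts(data).most_common(n)]


# --- constructed sample spool (not a real capture) ---------------------------
def build_event(sid, gid=1, rev=1, event_id=1, sec=1374592800):
    """Constructed type-7 record: 9 uint32 fields, two IPv4 addresses, ports, flags."""
    payload = struct.pack("!9I", 0, event_id, sec, 0, sid, gid, rev, 0, 3)
    payload += struct.pack("!4s4sHHBBBB",
                           b"\x0a\x00\x00\x05", b"\xc0\xa8\x01\x0a",   # 10.0.0.5 -> 192.168.1.10
                           44321, 80, 6, 0, 0, 0)                     # sport, dport, proto=TCP
    return RECORD_HDR.pack(UNIFIED2_IDS_EVENT, len(payload)) + payload


def build_packet(event_id=1):
    """Constructed type-2 packet record (what -b / log_unified2 adds); tally must skip it."""
    pkt = b"\x45\x00\x00\x14" + b"\x00" * 16
    payload = struct.pack("!7I", 0, event_id, 1374592800, 1374592800, 0, 1, len(pkt)) + pkt
    return RECORD_HDR.pack(UNIFIED2_PACKET, len(payload)) + payload


SAMPLE_SPOOL = (
    build_event(1, event_id=1) + build_packet(1)
    + build_event(1, event_id=2) + build_packet(2)
    + build_event(2, event_id=3)
    + build_event(1, event_id=4)
    + build_event(5, event_id=5)
    + build_event(2, event_id=6)
    + RECORD_HDR.pack(UNIFIED2_IDS_EVENT, 52) + b"\x00" * 10    # cut-off record at EOF
)

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_SPOOL
    for gid, sid, count in top_rules(data, 10):
        print(f"{gid}:{sid}\t{count}")
```

Run it against one of the spool files, e.g. `python unified2_tally.py /var/log/snort/snort.log.1374592800` (the file name and script name are assumptions); on the rule set in this thread every (1, 1) through (1, 8) line will be large, which is the answer to "why is it huge", independent of the `limit` setting. The packet records written by `-b` are skipped by the tally but are what actually makes the file fat, since each one carries the full packet.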
Current thread:
- Snort log file size is getting huge Maged Shenouda (Jul 23)
- Re: Snort log file size is getting huge beenph (Jul 23)
- Re: Snort log file size is getting huge Maged Shenouda (Jul 23)
- Re: Snort log file size is getting huge waldo kitty (Jul 23)
- Re: Snort log file size is getting huge Maged Shenouda (Jul 23)
- Re: Snort log file size is getting huge waldo kitty (Jul 23)
- Re: Snort log file size is getting huge waldo kitty (Jul 23)