Topic: Snort - Problem with log

[MarkR]

Hi all.

I have installed snort and acid.

But it seems that it keeps restarting itself over and over again.(see log below- this log is repeated)
as anyone else had a problem with this???
My log file is increasing an increasing 160M!! logrotate seems to hang.


Aug  5 05:11:08 reygateway snortd: snort startup succeeded
Aug  5 05:11:08 reygateway snort: PID path stat checked out ok, PID path set to /var/run/
Aug  5 05:11:08 reygateway snort: Writing PID "26556" to file "/var/run//snort_eth1.pid"
Aug  5 05:11:08 reygateway snort: Parsing Rules file /etc/snort/snort.conf
Aug  5 05:11:08 reygateway snort: ,-----------[Flow Config]----------------------
Aug  5 05:11:08 reygateway snort: | Stats Interval:  0
Aug  5 05:11:08 reygateway snort: | Hash Method:     2
Aug  5 05:11:08 reygateway snort: | Memcap:          10485760
Aug  5 05:11:08 reygateway snort: | Rows  :          4099
Aug  5 05:11:08 reygateway snort: | Overhead Bytes:  16400(%0.16)
Aug  5 05:11:08 reygateway snort: ----------------------------------------------
Aug  5 05:11:08 reygateway snort: HttpInspect Config:
Aug  5 05:11:08 reygateway snort:     GLOBAL CONFIG
Aug  5 05:11:08 reygateway snort:       Max Pipeline Requests:    0
Aug  5 05:11:08 reygateway snort:       Inspection Type:          STATELESS

[Black]

I would seriously take that to the Snort forums. I had the same problem and removed snort for now because I dont have the time to deal with that situation right now..Mine would EAT disk space and logrotate would never stop running because it had so many logs to parce.

[mudra]

Just come back from my vacation to find that logrotate has been going on for 2 days, due to the snort logs. I am going to uninstall and wait and see what happens.