From: Dave Jones <davej@redhat.com>
To: jmerkey@comcast.net
Cc: Andreas Dilger <adilger@clusterfs.com>, linux-kernel@vger.kernel.org
Subject: Re: Ext3 File System "Too many files" with snort
Date: Fri, 9 Jul 2004 18:04:54 +0100
Message-ID: <20040709170454.GB3891@redhat.com>
In-Reply-To: <070920041636.14668.40EEC97D000D82330000394C2200748184970A059D0A0306@comcast.net>

On Fri, Jul 09, 2004 at 04:36:14PM +0000, jmerkey@comcast.net wrote:

 > > Do you create a subdirectory for every user?  
 > Yes.  Snort creates a subdirectory for each IP address identified as generating an attack
 > or alert.  This number can get very large, BTW.

The last time I looked at snort it created a tcpdump capture file of the
day's activity.  I remember seeing the behaviour you describe in an earlier
release, so either you have an old version (which you should probably
update given snort's sketchy security hole history), or there's a configuration
option that you might be able to fiddle with to get it to work in capture-file
mode.

Either way, it's got to be easier than hacking ext3 code 8)

		Dave

