I believe there is a 2GB file size limit. This was brought up a few times on snort-users and other mailing lists. Just thought you'd like to know. Cheers! Alberto Gonzalez --- "The secret to success is to start from scratch and keep on scratching. -----Original Message----- From: loganalysis-adminat_private [mailto:loganalysis-adminat_private] On Behalf Of Mikael Olsson Sent: Wednesday, February 05, 2003 1:12 PM To: Balazs Scheidler Cc: loganalysisat_private Subject: Re: [logs] How are people bringing DMZ syslog msgs into the central server? Balazs Scheidler wrote: > > syslog-ng supports files over 2GB Hm? Interesting. My syslog-ng on a linux box promptly died every time the daily log hit 2GB. Just exited. This is consistent with how glibc behaves, but I didn't know that at first, so I kept it running in a "while true" loop to keep it from dying on me - it kept looping until the next day, when it started a new output file. My solution then was to move to hourly splitting. Anyway, this wasn't meant as an all-out criticism on syslog-ng. It was just meant to illustrate the point that, while I believe sending the logs straight to a syslog server, it still needs some thought, as is the case with anything related to computer security. -- Mikael Olsson, Clavister AB Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05 Fax: +46 (0)660 122 50 WWW: http://www.clavister.com _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Wed Feb 05 2003 - 23:18:13 PST