[Oisf-users] Prelude spooler file grows to 100% disk size (suri 2.0.6)
Marius
wishinet at gmail.com
Wed Mar 25 16:43:03 UTC 2015
Hi,
I set up Suricata 2.0.6 on a Gentoo Linux box and let it report into Prelude.
# alert output to prelude (http://www.prelude-technologies.com/) only
# available if Suricata has been compiled with --enable-prelude
- alert-prelude:
    enabled: yes
    profile: suricata
    log-packet-content: yes
    log-packet-header: yes
This requires the compilation opts:
./configure --sysconfdir=/etc/ --localstatedir=/var/ \
  -disable-gccmarch-native --enable-gccprotect --prefix=/usr \
  --enable-unix-socket --enable-luajit \
  --with-libcap_ng-libraries=/usr/local/lib \
  --with-libcap_ng-includes=/usr/local/include --enable-gccmarch-native \
  --enable-prelude
This depends on libprelude (1.2.5).
The file /usr/local/var/spool/prelude/suricata/global grows to 100% disk
space once suricata runs for a while.
I fix this with cron (dirty):
rm -rf /usr/local/var/spool/prelude/suricata/global
kill -9 $(cat /var/run/suricata.pid)
Is there any config which would limit this?
Best,
Marius