Snort mailing list archives
Re: Log Rotation
From: Erek Adams <erek () theadamsfamily net>
Date: Tue, 2 Oct 2001 13:24:18 -0700 (PDT)
On Tue, 2 Oct 2001, DeBerry, Casey wrote:
> Running snort 1.8 on solaris 7. In the past, using linux, have had success
> with log-rotate script.. but it used the gcc date function to call previous
> day's date.. ie:
>
>   PAST=`date --date='1 day ago' +%b%d_%Y`
>
> This ran as a cron job at 12:01 am and worked great. Solaris however, does
> not use gcc date.. I guess I could run my own bits, but thought there was
> something out there that might be a little bit more elegant.

Simpler perhaps is the following:

--
#! /bin/sh
#
#
DATE=`/usr/bin/date +%m-%d-%y`
LOGDIR=/var/log
LOG=authlog
if test -d $LOGDIR
then
    cd $LOGDIR
    if test -s $LOG
    then
        mv $LOG $LOG.$DATE
        cp /dev/null $LOG
        chmod 644 $LOG
        sleep 10
    fi
fi
#
kill -HUP `cat /var/run/snort.le0`
#
/usr/bin/cat $LOG.$DATE | /local/snort/snort_stat.pl | /usr/lib/sendmail root
--

And I just run it at 23:59. ;-)

> I need to run snort in a distributed environment, and thought plugging to a
> database would create too much overhead. Maybe ACID? Anyone have ideas or
> input.

Not unless you are really pounding your link. Drop a backend net onto each
sensor, log over the admin backend for DB and Normal alerts. Of course,
that's _never_ been done. *innocent look*

Hope that helps!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
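
The question in this thread asks for the previous day's date on a system whose date command has no `--date` option. The script below is an added example, not part of the original post and not Snort code: it computes that date with shell arithmetic and rotates a log without overwriting an earlier archive. The helper names `prev_day` and `rotate_log`, the YYYY-MM-DD stamp and the owner-only permissions are assumptions of this example; it needs a POSIX shell.

```sh
#!/bin/sh
# Added example, not from the original post. Needs a POSIX shell ($(( )) arithmetic).
# prev_day and rotate_log are hypothetical helper names.

# prev_day YYYY MM DD -> previous calendar day as YYYY-MM-DD, without GNU date.
prev_day() {
    y=$1; m=${2#0}; d=${3#0}          # strip leading zero: 08/09 are not octal
    d=$((d - 1))
    if [ "$d" -eq 0 ]; then           # crossed a month boundary
        m=$((m - 1))
        if [ "$m" -eq 0 ]; then m=12; y=$((y - 1)); fi
        case $m in
            4|6|9|11) d=30 ;;
            2)  d=28
                if [ $((y % 4)) -eq 0 ] &&
                   { [ $((y % 100)) -ne 0 ] || [ $((y % 400)) -eq 0 ]; }
                then d=29; fi ;;
            *)  d=31 ;;
        esac
    fi
    printf '%04d-%02d-%02d\n' "$y" "$m" "$d"
}

# rotate_log DIR LOG STAMP PIDFILE
# Returns 0 on success or nothing to do, 1 if the archive step failed,
# 2 if the sensor could not be signalled.
rotate_log() {
    src=$1/$2; dst=$src.$3; pidfile=$4
    [ -s "$src" ] || return 0         # empty or missing: nothing to rotate
    [ -e "$dst" ] && return 1         # never overwrite an earlier archive
    mv "$src" "$dst" || return 1
    # Owner-only permissions on the new log (a stricter choice than the post's 644;
    # assumes the sensor runs as the same user as this script).
    ( umask 077; : > "$src" ) || return 1
    [ -r "$pidfile" ] || return 0     # no pid file: nothing to signal
    pid=$(cat "$pidfile")
    case $pid in ''|*[!0-9]*) return 2 ;; esac   # refuse a non-numeric pid
    kill -HUP "$pid" 2>/dev/null || return 2
}

# From cron at 00:01, with the paths used in the post:
#   set -- $(date '+%Y %m %d')
#   rotate_log /var/log authlog "$(prev_day "$@")" /var/run/snort.le0
```

Because the log is renamed before the signal is sent, anything the sensor writes in between lands in the archived file rather than being lost.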