Snort mailing list archives
Newbie Question
From: "Wilcoxen, Scott" <SWilcoxen () macf com>
Date: Fri, 25 Apr 2003 14:38:09 -0400
I'm relatively new to both Snort and Linux, so please bear with me here. I have got snort set up on two separate machines. One machine is listening to traffic on the outside of my firewall and the other on the inside. On a third machine I've got a MySQL database to which I'm logging alerts. I've set up an Apache web server on this machine as well and am using ACID to view the alerts being logged.

My sensors are logging all packets in binary tcpdump format on the local hard drive. I would like to set up a cron job to move these logs to another machine every day so that the hard drives on my sensors don't fill up. I'm starting snort in daemon mode and noticed that when I move the logs it doesn't seem to start another one. So my theory was that if I stop snort, move the logs, and restart snort I would be OK. Problem is I can't find a way to stop snort short of issuing a 'kill pid'. I want to script all of this. Any suggestions?

Scott S Wilcoxen
Macfadden & Associates, Inc.
Office: 301.562.3046
Mobile: 410.688.2813
Fax: 301.588.0390
Email: SWilcoxen () macf com
www.macf.com
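One way to script the stop / move / restart cycle the post describes, as an added example that is not part of the original post or of the Snort project: it reads the pid that `snort -D` records in its pid file, stops the daemon with SIGTERM (the `kill pid` the post mentions, just driven from a file rather than typed by hand), moves the `snort.log.*` captures into a dated archive directory for later transfer off the sensor, and restarts Snort. The log directory, pid file path, archive directory and start command line are assumptions to adapt to the sensor.

```shell
#!/bin/sh
# Added example, not from the original post or the Snort project.
# Assumptions (adapt to the sensor): the log directory, the pid file that
# "snort -D" writes, the archive directory, and the snort start command line.
SNORT_LOG_DIR="${SNORT_LOG_DIR:-/var/log/snort}"
SNORT_PIDFILE="${SNORT_PIDFILE:-/var/run/snort_eth0.pid}"
ARCHIVE_DIR="${ARCHIVE_DIR:-/var/log/snort/archive}"
SNORT_START="${SNORT_START:-snort -D -b -i eth0 -l $SNORT_LOG_DIR -c /etc/snort/snort.conf}"

# Send SIGTERM to the pid recorded in $1 and wait (up to 30 s) for it to exit.
# Returns 0 once the process is gone, 1 if the pid file is unreadable, the
# signal could not be sent, or the process is still alive after the timeout.
stop_by_pidfile() {
    pidfile="$1"
    [ -r "$pidfile" ] || return 1
    pid=$(cat "$pidfile")
    kill -TERM "$pid" 2>/dev/null || return 1
    i=0
    while kill -0 "$pid" 2>/dev/null; do
        i=$((i + 1))
        [ "$i" -lt 30 ] || return 1
        sleep 1
    done
    return 0
}

# Move every snort.log.* capture from $1 into "$2/<host>-<YYYYMMDD>/" and
# print how many files were moved. Other files in the log directory (e.g.
# the text alert file) are left alone. Once the captures are out of the live
# log directory they can be copied off the sensor with scp/rsync from cron.
archive_logs() {
    src="$1"
    dst="$2/$(uname -n)-$(date +%Y%m%d)"
    mkdir -p "$dst" || return 1
    n=0
    for f in "$src"/snort.log.*; do
        [ -f "$f" ] || continue
        mv "$f" "$dst"/ && n=$((n + 1))
    done
    echo "$n"
}

# The whole cycle: stop, move, restart. As the post observes, moving the file
# alone does not make the running Snort open a new one; the restart does.
rotate() {
    stop_by_pidfile "$SNORT_PIDFILE" || { echo "could not stop snort" >&2; return 1; }
    archive_logs "$SNORT_LOG_DIR" "$ARCHIVE_DIR" >/dev/null || return 1
    $SNORT_START   # unquoted on purpose: the variable holds a full command line
}

if [ "${1:-}" = "run" ]; then rotate; fi
```

Run it from cron as `rotate-snort.sh run` with the four variables set for the sensor; stop and move are separate functions so a failed stop never moves a capture Snort still has open.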