Snort mailing list archives
RE: Re: Log Rotation (fwd)
From: "Michael Steele" <michaels () winsnort com>
Date: Fri, 5 Dec 2003 15:42:10 -0800
You should ONLY be patching the CRITICAL patches ASAP. The others can be scheduled whenever you want. Microsoft is revamping the patching process for monthly, except for the critical ones.

It is not possible to be patching every couple of days. It is NOT required to reboot after every single patch, only if the patch requires you to reboot.

There is also no comparison between a BSOD and a reboot due to a scheduled update, or patch.

Kindest regards,
The WINSNORT.com Management Team
--
Pick up your FREE Windows or UNIX Snort installation guides
mailto:support () winsnort com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org
-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of JP Vossen
Sent: Friday, December 05, 2003 7:08 AM
To: Keaton, Lindamaria
Cc: MH; Snort Users List
Subject: [Snort-users] Re: Log Rotation (fwd)

Hi Mike,

I think you meant to send this to Lindamaria and the list...

Later,
JP
------------------------------|:::======|--------------------------------
JP Vossen, CISSP              |:::======|        jp{at}jpsdomain{dot}org
My Account, My Opinions       |=========|       http://www.jpsdomain.org/
------------------------------|=========|--------------------------------
You used to have to reboot the Windows 9.x series every couple of days because it would crash. Now you have to reboot Windows 200x or XP every couple of days because of a patch. How is that better or more stable?

---------- Forwarded message ----------
Date: Fri, 5 Dec 2003 09:39:17 -0500
From: MH <procana () insight rr com>
To: vossenjp () netaxs com
Subject: Re: Log Rotation

Hi Lindamaria,

Here is a simple script that should work for you:

- ---------------------
#!/bin/ksh
# Nightly Snort log rotation: stop Snort, archive its logs, restart it.

newdir=~/snort_logs/log$(date "+%m_%d_%y")
snortdir=/var/log/snort/log

# Create today's archive directory (and ~/snort_logs if it is missing)
if [[ ! -e $newdir && ! -d $newdir ]]; then
    mkdir -p "$newdir"
fi

##### Change the path to where the pid file is written
kill -9 `cat /var/run/snort_xl0.pid`

# Archive only when there is an alert file and the archive dir exists
if [[ -e $snortdir/alert && -d $newdir ]]; then
    mv "$snortdir"/* "$newdir"/
    ##### Change youruser to the account to own the dir
    chown -R youruser:youruser "$newdir"/
fi

# Always restart Snort, even when there was nothing to archive,
# so the sensor is not left stopped
/usr/local/bin/snort -bDA full -c /usr/local/snort/etc/snort.conf -l /var/log/snort/log
- ----------------------

Remember to change the paths and such to suit your environment. Just cron this to run every night. Once the files are moved into my archive dir, I have another script that generates reports so I get a daily summary as well as monthly and long term trending. If you are interested, I will send you a sample of the report script.

Hope this helps,
Mike

-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Log Rotation (fwd) JP Vossen (Dec 05)
- RE: Re: Log Rotation (fwd) Michael Steele (Dec 05)