Snort mailing list archives

Re: -l parameter


From: adam_peterson () splwg com
Date: Tue, 9 Dec 2003 09:07:35 -0800

I see your point.  I'll have to think about it because I do back up the db 
every night but I run the risk of missing an attack like the slammer worm 
if I can't write to the db.

My next question is, how do I manage those files?  I don't know of a good 
way to remove aged files as there is in the db with ACID.  Does anyone 
know of a command in Solaris that would allow me to delete files and a 
directory structure if they're older than x hours/days?

From: "Michael Steele" <michaels () winsnort com>
To: "'Snort Users List'" <snort-users () lists sourceforge net>
Subject: RE: [Snort-users] -l parameter
Date: Mon, 8 Dec 2003 20:04:04 -0800


Adam,

You just placed all your marbles into one pot. If you lose your database
you lose it all. At least with the log you could populate the database if
it got corrupted.

I don't suggest anyone do this, especially in a production environment. If
you don't have enough room for the log file, then get a few more megs of
storage space.

Kindest regards,

The WINSNORT.com Management Team


Adam Peterson | Senior WAN Engineer | SPL WorldGroup | 
adam_peterson () splwg com | +1.415.357.4787
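
As an added example (not part of the original thread), here is one way to age out files under the directory given to `snort -l`. It uses only POSIX `find` options, so retention is counted in whole days rather than hours. The function name `prune_snort_logs` and its two arguments are assumptions made for this illustration.

```shell
#!/bin/sh
# prune_snort_logs DIR DAYS  (hypothetical helper, added for illustration)
#   DIR  - absolute path of the directory passed to "snort -l"
#   DAYS - delete files last modified more than this many whole days ago
prune_snort_logs() {
    logdir=$1
    days=$2

    # Refuse empty, root or relative paths so a bad variable cannot
    # point the deletion at the wrong tree.
    case $logdir in
        ''|/) echo "refusing to prune '$logdir'" >&2; return 2 ;;
        /*)   ;;
        *)    echo "log directory must be an absolute path" >&2; return 2 ;;
    esac

    # Retention must be a non-negative whole number.
    case $days in
        ''|*[!0-9]*) echo "days must be a whole number" >&2; return 2 ;;
    esac

    [ -d "$logdir" ] || { echo "$logdir is not a directory" >&2; return 2; }

    # Step 1: remove regular files older than the retention period.
    # Running from inside the directory keeps every path relative to it.
    ( cd "$logdir" && find . -type f -mtime +"$days" -exec rm -f {} + ) || return 1

    # Step 2: remove directories that are now empty, deepest first.
    # rmdir refuses non-empty directories, so anything still holding
    # recent files is left alone. "! -name ." keeps the top-level
    # log directory itself in place for the sensor to write into.
    ( cd "$logdir" && find . -depth -type d ! -name . -exec rmdir {} \; ) 2>/dev/null

    return 0
}
```

Run it from cron after the nightly database backup, so the flat-file logs are only pruned once a second copy of the data exists.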
