Snort mailing list archives
Re: -l parameter
From: adam_peterson () splwg com
Date: Tue, 9 Dec 2003 09:07:35 -0800
I see your point. I'll have to think about it because I do backup the db every night but I run the risk of missing an attack like the slammer worm if I can't write to the db. My next question is, how do I manage those files? I don't know of a good way to remove aged files as there is in the db with ACID. Does anyone know of a command in Solaris that would allow me to delete files and a directory structure if they're older than x hours/days?
From: "Michael Steele" <michaels () winsnort com> To: "'Snort Users List'" <snort-users () lists sourceforge net> Subject: RE: [Snort-users] -l parameter Date: Mon, 8 Dec 2003 20:04:04 -0800 Adam, You just placed all your marbles into one pot. If you loose your database you loose it all. At least with the log you could populate the database
if
it got corrupted, I don't suggest anyone do this, especially in a production environment.
If
you don't have enough room for the log file, then get a few more megs of storage space. Kindest regards, The WINSNORT.com Management Team
Adam Peterson | Senior WAN Engineer | SPL WorldGroup | adam_peterson () splwg com | +1.415.357.4787
Current thread:
- -l parameter adam_peterson (Dec 08)
- Re: -l parameter Dirk Geschke (Dec 08)
- Re: -l parameter Chris Keladis (Dec 08)
- RE: -l parameter Ed Callahan (Dec 09)
- <Possible follow-ups>
- Re: -l parameter adam_peterson (Dec 08)
- RE: -l parameter Michael Steele (Dec 08)
- Re: -l parameter adam_peterson (Dec 09)
- Re: -l parameter John Creegan (Dec 09)
- Re: -l parameter adam_peterson (Dec 09)
- Re: -l parameter twig les (Dec 09)
- RE: -l parameter Ed Callahan (Dec 09)
- Re: -l parameter Dirk Geschke (Dec 10)
- RE: -l parameter Antonio Costa (Dec 10)
- Re: -l parameter Dirk Geschke (Dec 08)