Snort mailing list archives
Re: Snort alert when the log reaches 75% full
From: Stephen Mullins <steve.mullins.work () gmail com>
Date: Sun, 2 Aug 2009 09:48:29 -0400
http://support.microsoft.com/kb/112509 2013 error. Change threshold to 75%. Give the log its own partition/drive. Getting Windows to forward events to your syslog is easy enough though you may need some third party software. There are other, better ways to accomplish your goal. As for the Windows thing, people end up running Snort on Windows because that is all they know how to use. I think it's better to run Snort on an OS you understand than have a sensor fleet of Snort boxes that nobody in your organization can maintain that are therefore neglected and ignored. Steve Mullins On Wed, Jul 29, 2009 at 10:57 AM, Livingston, Kevin E Mr CTR USA IMCOM<KEVIN.LIVINGSTON2 () us army mil> wrote:
How can I get snort (on a windows box) to send a syslog message when the log reaches 75% full Thanks, Kevin V/r Kevin Livingston Network Engineer BCTC, Fort Hood, TX Cell 254-247-7534 "01000011010000110100111001000001" Tell us how we are doing. ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort alert when the log reaches 75% full Livingston, Kevin E Mr CTR USA IMCOM (Jul 29)
- Re: Snort alert when the log reaches 75% full Joel Esler (Jul 29)
- Re: Snort alert when the log reaches 75% full Livingston, Kevin E Mr CTR USA IMCOM (Jul 29)
- Re: Snort alert when the log reaches 75% full Joel Esler (Jul 29)
- Re: Snort alert when the log reaches 75% full William Young (Jul 29)
- Re: Snort alert when the log reaches 75% full Martin Hochreiter (Jul 29)
- Re: Snort alert when the log reaches 75% full Livingston, Kevin E Mr CTR USA IMCOM (Jul 29)
- Re: Snort alert when the log reaches 75% full Stephen Mullins (Aug 02)
- Re: Snort alert when the log reaches 75% full Joel Esler (Jul 29)