Snort mailing list archives
Re: Archiving Snort logs
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 24 Feb 2010 10:35:11 -0500
I used to have a script that monitored the age of the files in the logs directory and if they got older than "x" amount of days, then move them to an archive. (Just as easily they could be deleted.)

J

On Wed, Feb 24, 2010 at 10:20 AM, Sharma, Ashish <ashish.sharma3 () hp com> wrote:

> Joel,
>
> Ok I got the point. There are plenty of approaches to archive DB files.
>
> Here I want to know how can I clean up 'snort.log' files automatically that keep on growing in a production system without much admin interference.
>
> Thanks in advance
> Ashish Sharma
>
> -----Original Message-----
> From: Joel Esler [mailto:jesler () sourcefire com]
> Sent: Tuesday, February 23, 2010 8:38 PM
> To: firnsy
> Cc: Sharma, Ashish; Snort Users List
> Subject: Re: [Snort-users] Archiving Snort logs
>
> On Feb 23, 2010, at 5:21 AM, firnsy wrote:
> > On Tue, 2010-02-23 at 08:47 +0000, Sharma, Ashish wrote:
> > > Here I want to know, Is the 'Barnyard2' also cleaning up the snort logs?
> >
> > No, it doesn't. Barnyard2 is only parsing the snort unified log files.
>
> Although you could save the unified files and read them back into the db at a later time if you wanted to with barnyard2.
>
> As for cleaning up the DB, I think there is a script that can clean up the db. If you Google "snort db cleanup" many sites come up, however, this one popped out at me. Might give it a shot.
>
> http://www.perlmonks.org/?node_id=247926
>
> --
> Joel Esler
> 302-223-5974
-- Joel Esler 302-223-5974
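
An age-based archiving job of the kind described in the reply above, as an added example that is not part of the original thread and not the script the poster refers to. The `snort.log*` file pattern, the directory paths and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not the script mentioned in the thread).
# archive_old_logs LOG_DIR ARCHIVE_DIR MAX_DAYS [PATTERN]
#   Gzip files matching PATTERN (assumed default: snort.log*) that were last
#   modified more than MAX_DAYS days ago into ARCHIVE_DIR, then remove them.
archive_old_logs() {
    log_dir=$1 archive_dir=$2 max_days=$3 pattern=${4:-snort.log*}
    [ -d "$log_dir" ] || { echo "log dir not found: $log_dir" >&2; return 1; }
    case $max_days in
        ''|*[!0-9]*) echo "MAX_DAYS must be a whole number" >&2; return 1 ;;
    esac
    mkdir -p "$archive_dir" || return 1
    # -mtime +N matches on modification age, so the file Snort is still
    # writing (fresh mtime) is never picked up. -maxdepth 1 keeps find out
    # of ARCHIVE_DIR when it lives inside LOG_DIR.
    find "$log_dir" -maxdepth 1 -type f -name "$pattern" -mtime +"$max_days" \
        -exec sh -c '
            dest=$1; shift
            for f in "$@"; do
                out="$dest/$(basename "$f").gz"
                # Write the compressed copy first; delete the original only
                # after that copy is in place. Never overwrite an archive.
                if [ ! -e "$out" ] && gzip -c "$f" > "$out.tmp" \
                        && mv "$out.tmp" "$out"; then
                    touch -r "$f" "$out"   # keep the log mtime for pruning
                    rm -f "$f"
                    echo "archived: $f"
                else
                    rm -f "$out.tmp"
                    echo "skipped: $f" >&2
                fi
            done' sh "$archive_dir" {} +
}

# prune_archive ARCHIVE_DIR KEEP_DAYS: delete archives past retention.
prune_archive() {
    [ -d "$1" ] || return 1
    find "$1" -maxdepth 1 -type f -name '*.gz' -mtime +"$2" -exec rm -f {} +
}

# Run from cron with arguments, e.g. (paths are hypothetical):
#   15 3 * * * /usr/local/sbin/snort-archive.sh /var/log/snort /var/log/snort/archive 7
if [ "$#" -ge 3 ]; then
    archive_old_logs "$@"
fi
```

Because the archive copy keeps the original modification time, `prune_archive` measures retention from when the log was written, not from when it was compressed.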