Snort mailing list archives
Re: Archiving Snort logs
From: justin joseph <justinjoseph007 () gmail com>
Date: Thu, 25 Feb 2010 16:21:12 +0530
On Wed, Feb 24, 2010 at 8:50 PM, Sharma, Ashish <ashish.sharma3 () hp com>wrote:
Joel, Ok I got the point. There are plenty of approaches to archive DB files. Here I want to know how can I clean up 'snort.log' files automatically that keep on growing in a production system without much admin interference.
http://linuxcommand.org/man_pages/logrotate8.html
Thanks in advance Ashish Sharma -----Original Message----- From: Joel Esler [mailto:jesler () sourcefire com] Sent: Tuesday, February 23, 2010 8:38 PM To: firnsy Cc: Sharma, Ashish; Snort Users List Subject: Re: [Snort-users] Archiving Snort logs On Feb 23, 2010, at 5:21 AM, firnsy wrote:On Tue, 2010-02-23 at 08:47 +0000, Sharma, Ashish wrote:Here I want to know, Is the 'Barnyard2' also cleaning up the snort logs?No, it doesn't. Barnyard2 is only parsing the snort unified log files.Although you could save the unified files and read them back into the db at a later time if you wanted to with barnyard2. As for cleaning up the DB, I think there is a script that can clean up the db. If you Google "snort db cleanup" many sites come up, however, this one popped out at me. Might give it a shot. http://www.perlmonks.org/?node_id=247926 -- Joel Esler 302-223-5974 ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-users%0ASnort-users>list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Archiving Snort logs Sharma, Ashish (Feb 23)
- Re: Archiving Snort logs firnsy (Feb 23)
- Re: Archiving Snort logs Joel Esler (Feb 23)
- Re: Archiving Snort logs Sharma, Ashish (Feb 24)
- Re: Archiving Snort logs Joel Esler (Feb 24)
- Re: Archiving Snort logs Paul Schmehl (Feb 24)
- Re: Archiving Snort logs justin joseph (Feb 25)
- Re: Archiving Snort logs Joel Esler (Feb 23)
- Re: Archiving Snort logs firnsy (Feb 23)
- Re: Archiving Snort logs Alex Tatistcheff (Feb 24)