RE: log rotation scripts?

[Dragos Ruiu <dr () kyx net>]

There is a logfile rotation script in the snort FAQ
(v1.82 will be checked into cvs shortly... 1.81 attached)

If you have a better one you'd like to suggest I'll be happy
to use it in the FAQ  if there is some concensus amogst snort 
users...  This one was picked out of the postings until that
point many months ago...

cheers,
--dr

On Wed, 01 Aug 2001, Jason Smith wrote:
> If you are using RedHat 7.1 use the logrotate program.  It is already setup
> to run in cron.  All I've done is create /etc/logrotate.d/snort with these
> two entries in it:
> /var/log/snort/alert {
>         rotate 4
>         errors root
>         mail email@.com
>         mailfirst
> }
>
> /var/log/snort/portscan.log {
>         rotate 4
>         errors root
>         mail email@.com
>         mailfirst
> }
>
> And I've added /etc/cron.daily/snort.cron 
> #!/bin/bash
>
> kill `cat /var/run/snort_eth0.pid`
> /usr/local/bin/snort -A fast -bs -u snort -g snort -c /etc/snort/snort.conf
> -D
>
> Nothing very fancy but it rotates my portscan.log and alert file once a week
> and keeps 4 weeks worth.  It also starts a new binary log file every day.
> The only problem I've seen is that I don't get the emails from the logrotate
> file, and I'm not sure why. (Not terribly important though).  
>
> Hope this helps.  If you have any questions just let me know.
>
> Jason
>
> -----Original Message-----
> From: Migus, Adam [mailto:Adam_Migus () NAI com]
> Sent: Wednesday, August 01, 2001 3:41 PM
> To: 'snort-users () lists sourceforge net'
> Subject: [Snort-users] log rotation scripts?
>
>
> I'm sure this question has been asked many different ways many times before
> but here I go again.  Does anyone have any snort log rotation scripts they
> are rather fond of and wouldn't mind giving away?  Something suitable for
> rotating weekly and back saving a few months would be nice.  Thanks.
>
> Adam
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- 
Dragos Ruiu <dr () dursec com>   dursec.com ltd. / kyx.net - we're from the future 
gpg/pgp key on file at wwwkeys.pgp.net or at http://dursec.com/drkey.asc

Attachment: FAQ-v1.8.1
Description: