Snort mailing list archives

Re: Log Rotation (fwd)


From: JP Vossen <vossenjp () netaxs com>
Date: Fri, 5 Dec 2003 10:08:04 -0500 (EST)

Hi Mike,

I think you meant to send this to Lindamaria and the list...

Later,
JP
------------------------------|:::======|--------------------------------
JP Vossen, CISSP              |:::======|         jp{at}jpsdomain{dot}org
My Account, My Opinions       |=========|       http://www.jpsdomain.org/
------------------------------|=========|--------------------------------
You used to have to reboot the Windows 9.x series every couple of days
because it would crash.  Now you have to reboot Windows 200x or XP every
couple of days because of a patch.  How is that better or more stable?


---------- Forwarded message ----------
Date: Fri, 5 Dec 2003 09:39:17 -0500
From: MH <procana () insight rr com>
To: vossenjp () netaxs com
Subject: Re: Log Rotation

Hi Lindamaria,

Here is a simple script that should work for you:

---------------------
#!/bin/ksh

# Archive directory for tonight's logs, e.g. ~/snort_logs/log12_05_03
newdir=~/snort_logs/log$(date "+%m_%d_%y")
snortdir=/var/log/snort/log

# Nothing to archive yet: leave snort running and try again tomorrow.
if [[ ! -e $snortdir/alert ]]; then
        exit 0
fi

if [[ ! -d $newdir ]]; then
        mkdir "$newdir" || exit 1
fi

##### Change the path to wherever your snort writes its pid file
kill -9 $(cat /var/run/snort_xl0.pid)

mv "$snortdir"/* "$newdir"/
#####  Change youruser to the account that should own the archive
chown -R youruser:youruser "$newdir"/

/usr/local/bin/snort -bDA full -c /usr/local/snort/etc/snort.conf -l /var/log/snort/log

----------------------

Remember to change the paths and such to suit your
environment. Just cron this to run every night.

Once the files are moved into my archive dir, I have another script that
generates reports so I get a daily summary as well as monthly and long term
trending.  If you are interested, I will send you a sample of the report
script.

Hope this helps,
Mike
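The same stop, archive, restart cycle as an added example in POSIX sh; this is not Mike's script and not code from the Snort project. It differs from the script above in three ways a defender cares about: the sensor is sent SIGTERM and given time to close its log files before SIGKILL is considered, a missing, malformed or stale pid file is refused rather than fed to kill, and the archive directory uses an ISO date so it sorts correctly. The pid file and log paths are taken from Mike's message; the function names, the SNORT_ROTATE_RUN guard and the archive location are assumptions.

```shell
#!/bin/sh
# Added example (not the original poster's script): nightly Snort log rotation
# with a graceful stop and a sanity check on the pid file.

# Stop the process named in a pid file. Sends SIGTERM, waits up to $2 seconds,
# and only then falls back to SIGKILL. Returns 1 for a missing, non-numeric
# or stale pid file, 2 if the process survived, 0 once it is gone.
stop_daemon() {
    pidfile=$1
    timeout=${2:-15}
    [ -r "$pidfile" ] || return 1
    pid=$(cat "$pidfile")
    case $pid in
        ''|*[!0-9]*) return 1 ;;             # refuse anything that is not a pid
    esac
    kill -0 "$pid" 2>/dev/null || return 1   # stale pid file: nothing to stop
    kill -TERM "$pid"
    n=0
    while kill -0 "$pid" 2>/dev/null; do
        if [ "$n" -ge "$timeout" ]; then
            kill -KILL "$pid" 2>/dev/null || true
            sleep 1
            break
        fi
        sleep 1
        n=$((n + 1))
    done
    if kill -0 "$pid" 2>/dev/null; then
        return 2
    fi
    return 0
}

# Move the contents of $1 into a dated directory under $2 and print that
# directory. $3 overrides the date stamp (used by the test); $4, if given,
# is the user:group that should own the archive. Returns 1 when there is
# no alert file, i.e. nothing worth archiving, or when a step fails.
rotate_logs() {
    srcdir=$1
    archiveroot=$2
    stamp=${3:-$(date +%Y-%m-%d)}
    owner=$4
    [ -e "$srcdir/alert" ] || return 1
    dest="$archiveroot/log-$stamp"
    mkdir -p "$dest" || return 1
    for f in "$srcdir"/*; do
        [ -e "$f" ] || continue              # unmatched glob when the dir is empty
        mv "$f" "$dest"/ || return 1
    done
    if [ -n "$owner" ]; then
        chown -R "$owner" "$dest" || return 1
    fi
    printf '%s\n' "$dest"
}

# Nightly entry point. Paths match the ones in the forwarded message; the
# archive root and owner are assumptions to adjust for your host.
SNORT_PIDFILE=/var/run/snort_xl0.pid
SNORT_LOGDIR=/var/log/snort/log
ARCHIVE_ROOT=$HOME/snort_logs
ARCHIVE_OWNER=youruser:youruser

main() {
    if [ ! -e "$SNORT_LOGDIR/alert" ]; then
        echo "nothing to rotate" >&2
        return 0
    fi
    stop_daemon "$SNORT_PIDFILE" 15
    if [ $? -eq 2 ]; then
        echo "snort did not stop; leaving logs in place" >&2
        return 1
    fi
    rotate_logs "$SNORT_LOGDIR" "$ARCHIVE_ROOT" "" "$ARCHIVE_OWNER" >&2 || return 1
    /usr/local/bin/snort -bDA full -c /usr/local/snort/etc/snort.conf -l "$SNORT_LOGDIR"
}

# From cron: SNORT_ROTATE_RUN=1 /usr/local/sbin/rotate-snort.sh
if [ "${SNORT_ROTATE_RUN:-0}" = 1 ]; then
    main
fi
```

The order matters: the alert check runs before anything is killed, so a night with nothing to archive leaves the sensor untouched, and a stop that fails (return 2) aborts before the logs are moved out from under a still-running process.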



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net