Snort mailing list archives

RE: Re: Log Rotation (fwd)


From: "Michael Steele" <michaels () winsnort com>
Date: Fri, 5 Dec 2003 15:42:10 -0800

You should ONLY be patching the CRITICAL patches ASAP. The others can be
scheduled whenever you want. Microsoft is revamping the patching process
for monthly, except for the critical ones.

It is not possible to be patching every couple of days. It is NOT required
to reboot after every single patch, only if the patch requires you to reboot.

There is also no comparison between a BSOD and a reboot due to a scheduled
update, or patch.

Kindest regards,

The WINSNORT.com Management Team
-- 
Pick up your FREE Windows or UNIX Snort installation guides
mailto:support () winsnort com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org


-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-
admin () lists sourceforge net] On Behalf Of JP Vossen
Sent: Friday, December 05, 2003 7:08 AM
To: Keaton, Lindamaria
Cc: MH; Snort Users List
Subject: [Snort-users] Re: Log Rotation (fwd)

Hi Mike,

I think you meant to send this to Lindamaria and the list...

Later,
JP
------------------------------|:::======|--------------------------------
JP Vossen, CISSP              |:::======|         jp{at}jpsdomain{dot}org
My Account, My Opinions       |=========|       http://www.jpsdomain.org/
------------------------------|=========|--------------------------------
You used to have to reboot the Windows 9.x series every couple of days
because it would crash.  Now you have to reboot Windows 200x or XP every
couple of days because of a patch.  How is that better or more stable?


---------- Forwarded message ----------
Date: Fri, 5 Dec 2003 09:39:17 -0500
From: MH <procana () insight rr com>
To: vossenjp () netaxs com
Subject: Re: Log Rotation

Hi Lindamaria,

Here is a simple script that should work for you:

- ---------------------
#!/bin/ksh

# Archive today's Snort logs into a dated directory, then restart Snort.
newdir=~/snort_logs/log$(date "+%m_%d_%y")
snortdir=/var/log/snort/log

##### Nothing has been logged since the last run: leave Snort alone.
if [[ ! -e $snortdir/alert ]]; then
        exit
fi

if [[ ! -d $newdir ]]; then
        mkdir -p $newdir
fi

##### Change the path to where your snort pid file is written.
##### Plain kill (SIGTERM) lets Snort flush its logs; -9 would drop buffered output.
kill $(cat /var/run/snort_xl0.pid)
sleep 2

if [[ -d $newdir ]]; then
        mv $snortdir/* $newdir/
        #####  Change youruser to the account to own the dir
        chown -R youruser:youruser $newdir/
fi

/usr/local/bin/snort -bDA full -c /usr/local/snort/etc/snort.conf -l $snortdir

- ----------------------

Remember to change the paths and such to suit your
environment. Just cron this to run every night.

Once the files are moved into my archive dir, I have another script that
generates reports so I get a daily summary as well as monthly and long
term trending.  If you are interested, I will send you a sample of the
report script.

Hope this helps,
Mike



-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
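The rotation script posted in the thread stops Snort with `kill -9` and gives no way to tell later whether the archived alert files were altered. Below is an added example, written for this archive page and not MH's script or anything shipped with Snort, that does the same job in bash with two additions a defender usually wants: a graceful stop (SIGTERM first, SIGKILL only after a timeout) and a SHA-256 manifest written into each dated archive so the logs can be re-verified before they are used as evidence. The source, archive and pid-file paths are passed in as arguments; the ones in the usage comment are taken from the thread. The example assumes GNU coreutils (`sha256sum`, `sort -z`) are installed.

```shell
#!/bin/bash
# Added example (not the script from the thread): rotate Snort's log directory
# into a dated archive and record a SHA-256 manifest so the archived files can
# later be checked for tampering. Paths are arguments so the functions work for
# any sensor; the only Snort-specific assumption is the "alert" file name.

set -u

# rotate_snort_logs SRCDIR ARCHIVEBASE STAMP
#   Moves everything from SRCDIR into ARCHIVEBASE/log_STAMP and writes
#   ARCHIVEBASE/log_STAMP/MANIFEST.sha256 there. Return codes:
#     0 rotated, 1 nothing to rotate (no alert file), 2 archive already exists,
#     3 filesystem error.
rotate_snort_logs() {
    local src=$1 base=$2 stamp=$3 dest
    dest="$base/log_$stamp"

    # Nothing written since the last rotation: leave things alone.
    [ -e "$src/alert" ] || return 1

    # Never merge into an existing archive: a second run with the same stamp
    # would silently overwrite the earlier evidence.
    [ -e "$dest" ] && return 2
    mkdir -p "$dest" || return 3

    # Move (not copy) so the live directory starts empty for the restarted Snort.
    mv "$src"/* "$dest"/ || return 3

    # Hash every archived file; the manifest lets a later audit detect edits.
    ( cd "$dest" && find . -type f ! -name MANIFEST.sha256 -print0 \
        | sort -z | xargs -0 sha256sum > MANIFEST.sha256 ) || return 3
    chmod -R a-w "$dest"          # archived logs are read-only from here on
    return 0
}

# verify_archive DIR: 0 if every file still matches its manifest, non-zero otherwise.
verify_archive() {
    ( cd "$1" && sha256sum -c --quiet MANIFEST.sha256 ) >/dev/null 2>&1
}

# stop_snort PIDFILE: ask Snort to exit with SIGTERM (so it flushes its logs),
# wait up to 10 s for it to go away, and only then fall back to SIGKILL.
stop_snort() {
    local pidfile=$1 pid i
    [ -r "$pidfile" ] || return 0            # not running: nothing to do
    pid=$(cat "$pidfile")
    kill "$pid" 2>/dev/null || return 0      # already gone
    for i in 1 2 3 4 5 6 7 8 9 10; do
        kill -0 "$pid" 2>/dev/null || return 0
        sleep 1
    done
    kill -9 "$pid" 2>/dev/null
}

# Typical nightly use from cron (paths are the ones quoted in the thread):
#   stop_snort /var/run/snort_xl0.pid
#   rotate_snort_logs /var/log/snort/log /var/log/snort/archive "$(date +%Y-%m-%d)"
#   /usr/local/bin/snort -bDA full -c /usr/local/snort/etc/snort.conf -l /var/log/snort/log
# and, before using an old archive: verify_archive /var/log/snort/archive/log_2003-12-05
```

Checking the archive before relying on it matters because the rotated directory is owned by an ordinary account in the thread's script; anyone who can write there can edit the alert history, and a manifest written at rotation time is the cheapest way to notice that.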



