Snort mailing list archives

Re: -l parameter


From: "John Creegan" <jcreegan () questarweb com>
Date: Tue, 09 Dec 2003 11:19:01 -0600

Check out the "find" command.  It's usually something like:

find DIRNAME -atime +x -exec rm {} \;

DIRNAME is the starting directory.  This find command will traverse the
tree downward.  For experimentation, I'd replace the "rm" command with
the "ls" command so that you can obtain a list of what objects this
command grabs.  "atime is access time.  + is "this many or more", x is
units measured in days.

<adam_peterson () splwg com> 12/09/03 11:07AM >>>
I see your point.  I'll have to think about it because I do backup the
db every night but I run the risk of missing an attack like the slammer
worm if I can't write to the db.

My next question is, how do I manage those files?  I don't know of a
good way to remove aged files as there is in the db with ACID.  Does anyone
know of a command in Solaris that would allow me to delete files and a
directory structure if they're older than x hours/days?
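The retention job John sketches, written out as a runnable POSIX sh script. This is an added example, not code from the thread; the directory names and file names it builds are constructed for the demo. It departs from the quoted one-liner in two ways worth knowing: it matches on `-mtime` (modification time) instead of `-atime`, because any read of a log file (a nightly backup, a grep, ACID pulling it in) refreshes atime and would keep stale files alive indefinitely; and it restricts the delete to `-type f` and then removes the directories left empty with a second `-depth` pass, which covers the "files and a directory structure" part of Adam's question. Run it in list mode first, exactly as John advises, before switching to delete.

```shell
#!/bin/sh
# Added example (not from the original thread): prune a Snort -l log tree.
#   prune_logs DIR AGE list    -> print files older than AGE days (dry run)
#   prune_logs DIR AGE delete  -> remove them, then drop directories left empty
# -mtime is used instead of -atime: reading a file (backup, grep, ACID)
# refreshes atime and would make old logs look "recent" forever.

prune_logs() {
    dir=$1; age=$2; mode=$3
    if [ "$mode" = "delete" ]; then
        find "$dir" -type f -mtime +"$age" -exec rm -f {} \;
        # -depth visits children before parents so nested empty dirs go too;
        # rmdir only succeeds on empty dirs, so populated ones are kept.
        # The top-level dir itself is excluded so Snort can keep writing to it.
        find "$dir" -depth -type d ! -path "$dir" -exec rmdir {} \; 2>/dev/null || true
        return 0
    fi
    find "$dir" -type f -mtime +"$age" -print
}

# Constructed demo tree: one per-host directory dated December 2003 (old),
# one with a freshly created file (should survive a 7-day prune).
make_demo_tree() {
    root=$1
    mkdir -p "$root/10.0.0.1" "$root/10.0.0.2"
    : > "$root/10.0.0.1/TCP_1234-80"
    : > "$root/10.0.0.1/ICMP_ECHO"
    touch -t 200312010000 "$root/10.0.0.1/TCP_1234-80" "$root/10.0.0.1/ICMP_ECHO"
    : > "$root/10.0.0.2/TCP_5555-22"
}

# Example run on the constructed tree:
#   d=$(mktemp -d); make_demo_tree "$d"
#   prune_logs "$d" 7 list      # shows the two 2003 files
#   prune_logs "$d" 7 delete    # removes them and the now-empty 10.0.0.1/
```

On Solaris the same script works with `/usr/xpg4/bin/find`; `-path` and `-depth` are POSIX, so nothing GNU-specific is required.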

From: "Michael Steele" <michaels () winsnort com>
To: "'Snort Users List'" <snort-users () lists sourceforge net>
Subject: RE: [Snort-users] -l parameter
Date: Mon, 8 Dec 2003 20:04:04 -0800


Adam,

You just placed all your marbles into one pot. If you lose your
database you lose it all. At least with the log you could populate the
database if it got corrupted.

I don't suggest anyone do this, especially in a production
environment. If you don't have enough room for the log file, then get
a few more megs of storage space.

Kindest regards,

The WINSNORT.com Management Team


Adam Peterson | Senior WAN Engineer | SPL WorldGroup | 
adam_peterson () splwg com | +1.415.357.4787





_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

