Snort mailing list archives
Re: -l parameter
From: "John Creegan" <jcreegan () questarweb com>
Date: Tue, 09 Dec 2003 11:19:01 -0600
Check out the "find" command. It's usually something like:

    find DIRNAME -atime +x -exec rm {} \;

DIRNAME is the starting directory. This find command will traverse the tree downward. For experimentation, I'd replace the "rm" command with the "ls" command so that you can obtain a list of what objects this command grabs. "atime" is access time. + is "this many or more", x is units measured in days.
<adam_peterson () splwg com> 12/09/03 11:07AM >>>
I see your point. I'll have to think about it because I do back up the db every night but I run the risk of missing an attack like the slammer worm if I can't write to the db. My next question is, how do I manage those files? I don't know of a good way to remove aged files as there is in the db with ACID. Does anyone know of a command in Solaris that would allow me to delete files and a directory structure if they're older than x hours/days?
From: "Michael Steele" <michaels () winsnort com>
To: "'Snort Users List'" <snort-users () lists sourceforge net>
Subject: RE: [Snort-users] -l parameter
Date: Mon, 8 Dec 2003 20:04:04 -0800

Adam,

You just placed all your marbles into one pot. If you lose your database you lose it all. At least with the log you could populate the database if it got corrupted, I don't suggest anyone do this, especially in a production environment. If you don't have enough room for the log file, then get a few more megs of storage space.

Kindest regards,
The WINSNORT.com Management Team
Adam Peterson | Senior WAN Engineer | SPL WorldGroup | adam_peterson () splwg com | +1.415.357.4787
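The cleanup described in John Creegan's reply, written out as an added example that is not part of the thread: a POSIX sh function that lists aged files by default, deletes them only when asked, and then removes the per-host directories left empty. The function name and the `--delete` argument are hypothetical, and it uses `-mtime` in place of the thread's `-atime` as a deliberate swap, because a nightly backup that reads the files can reset their access time.

```shell
#!/bin/sh
# prune_snort_logs DIR DAYS [--delete]   (hypothetical helper, added example)
# Without --delete it only lists what would be removed, as the reply suggests.
prune_snort_logs() {
    dir=$1
    days=$2
    mode=${3:-list}

    # Refuse empty, relative or root paths so a typo cannot walk the whole system.
    case $dir in
        ''|/|[!/]*) echo "refusing unsafe directory: '$dir'" >&2; return 2 ;;
    esac
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    case $days in
        ''|*[!0-9]*) echo "DAYS must be a whole number" >&2; return 2 ;;
    esac

    if [ "$mode" != "--delete" ]; then
        # Dry run: same selection as the delete pass, printed instead of removed.
        find "$dir" -xdev -type f -mtime +"$days" -print
        return 0
    fi

    # -mtime +N matches files modified more than N whole 24-hour periods ago.
    # -type f skips directories and symlinks; -xdev stays on one filesystem.
    find "$dir" -xdev -type f -mtime +"$days" -exec rm -f {} +

    # Deepest first, try to remove every subdirectory; rmdir fails harmlessly
    # on those that still hold recent files. DIR itself is never removed.
    find "$dir" -xdev -depth -type d ! -path "$dir" -exec rmdir {} \; 2>/dev/null || true
    return 0
}
```

POSIX `find` only measures age in days, so an hours-based cutoff needs a different selection method.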