Re: Hey, how could i delete the alert log cuz /var is full

[Matt Kettler <mkettler () evi-inc com>]

In your situation.. I'd copy it to a volume with space and just gzip it so 
it's smaller.

Then to prevent the problem in the future set up logrotate, or some other 
log management tool so that your alert file gets rotated once a week or so.

Most Linux boxes already have logrotate going, so you can just edit your 
logrotate.conf and tell it to rotate "/var/log/snort/alert" along with the 
others. Have it send a SIGHUP snort as a postrotate event.

At 03:24 AM 1/16/2004, soldier Mx wrote:
> Heyyy, yeah
> my /Var is full because the alert log,,
> is generatin alot of them,
> how could i delete,, some of them,,
> like the last 5 days of the alert log..
> i want just one week to log, and then to delete the
> last...
> lines, cuz the log is soo
> bigg..
> -rw-rw-rw-    1 root     root     400818176 Jan 15
> 10:27 alert
> -rw-------    1 root     root      1941614 Jan 15
> 08:26 portscan.log
> -rw-------    1 root     root      2733688 Jan 13
> 18:30 scan.log
> -rw-------    1 root     root       170665 Oct 29
> 23:51 snort.log.1067492961
>
> so i dont know what to do ..
>
> thanks!
> i'd like to delete the last logs,, but not the newests
> logs, since 5 days to now..



-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users