Snort mailing list archives
Re: How are alerts being logged?
From: Erek Adams <erek () snort org>
Date: Mon, 2 Feb 2004 18:01:03 -0500 (EST)
On Mon, 2 Feb 2004, Peggy Kam wrote:
I am running snort-2.0.4 on RH9. I would like to know how the alerts are logged to the log file? The reason why I am asking is that I would like to know if I am able to move the logs to another log file when the default log file reaches its size limitation.
Well... It depends. Snort's normal alerts don't have any sort of size restriction. If you're not logging to 'unified' then there isn't any sort of size limitation, other than the OS. If you're going to do something like that, you'll need to restart Snort (kill -HUP or stop then start) for the file handle to be closed.

Cheers!

-----
Erek Adams

"It looks just like a Telefunken U-47. You'll love it..." -- Frank Zappa
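
Why the file handle matters when a log is moved, as an added example that is not part of the original post: file descriptor 3 stands in for the logging process (it is not Snort itself), and the file names `alert` and `alert.1` are constructed. A writer that keeps its log open continues writing to the renamed file until it closes and reopens the log by name.

```shell
#!/bin/sh
# Constructed demonstration: a stand-in writer (file descriptor 3), not Snort itself.
# Shows where lines land when a log is renamed while the writer keeps it open.

rotation_demo() {
    dir=$(mktemp -d) || return 1
    log="$dir/alert"          # constructed file name
    rotated="$dir/alert.1"    # constructed file name

    # The "daemon" opens its log once and keeps the handle (fd 3).
    exec 3>>"$log"
    echo "alert 1 (before rotation)" >&3

    # Rotation step: rename the file out from under the writer.
    mv "$log" "$rotated"

    # The open handle follows the file, not the name, so this lands in alert.1.
    echo "alert 2 (after mv, handle still open)" >&3

    # Stand-in for the restart: close the old handle, reopen by name.
    exec 3>&-
    exec 3>>"$log"
    echo "alert 3 (after reopen)" >&3
    exec 3>&-

    # Report "<lines in rotated file> <lines in new file>".
    echo "$(wc -l < "$rotated" | tr -d ' ') $(wc -l < "$log" | tr -d ' ')"
    rm -rf "$dir"
}

rotation_demo   # prints: 2 1
```

Until the reopen, the name `alert` does not exist at all, so anything tailing or parsing that path sees no new alerts while the rotated file keeps growing.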