Re: Snort alert when the log reaches 75% full

[William Young <williamdyoung () gmail com>]

What you want is really a function you need Windows to do. Not Snort.
http://support.microsoft.com/kb/324796

--------------------------------
William Young


On Wed, Jul 29, 2009 at 11:16 AM, Livingston, Kevin E Mr CTR USA IMCOM <
KEVIN.LIVINGSTON2 () us army mil> wrote:

> Thanks for the quick reply J. Has anyone heard of a DISA STIG? One of these
> DISA STIG calls for " NET0386 - FW or IDS must alarm at 75% log capacity".
> So I was wondering if anyone has had to work with this?
>
> Thanks,
> Kevin
>
> -----Original Message-----
> From: Joel Esler [mailto:jesler () sourcefire com]
> Sent: Wednesday, July 29, 2009 10:05 AM
> To: Livingston, Kevin E Mr CTR USA IMCOM
> Cc: snort-users () lists sourceforge net
> Subject: Re: [Snort-users] Snort alert when the log reaches 75% full
>
> Well, you can't Kevin.
>
> What you can do, however, is write to unified and have Snort automatically
> roll the size of the file over when it gets too big.
> Snort does not monitor disk space.
>
> J
>
> On Wednesday, July 29, 2009, Livingston, Kevin E Mr CTR USA IMCOM
> <KEVIN.LIVINGSTON2 () us army mil> wrote:
> > How can I get snort (on a windows box) to send a syslog message when
> > the log reaches 75% full
> >
> > Thanks, Kevin
> >
> > V/r
> > Kevin Livingston
> > Network Engineer
> > BCTC, Fort Hood, TX
> > Cell 254-247-7534
> > "01000011010000110100111001000001"
> >
> >
> >
> > Tell us how we are doing.
> >
> >
> >
> >
> > ----------------------------------------------------------------------
> > -------- Let Crystal Reports handle the reporting - Free Crystal
> > Reports 2008 30-Day trial. Simplify your report design, integration
> > and deployment - and focus on what you do best, core application
> > coding. Discover what's new with Crystal Reports now.
> > http://p.sf.net/sfu/bobj-july
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
> ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
> trial. Simplify your report design, integration and deployment - and focus
> on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users