Re: Archiving Snort logs

["Sharma, Ashish" <ashish.sharma3 () hp com>]

Joel,

Ok I got the point.

There are plenty of approaches to archive DB files.

Here I want to know how can I clean up 'snort.log' files automatically that keep on growing in a production system 
without much admin interference.

Thanks in advance
Ashish Sharma

-----Original Message-----
From: Joel Esler [mailto:jesler () sourcefire com] 
Sent: Tuesday, February 23, 2010 8:38 PM
To: firnsy
Cc: Sharma, Ashish; Snort Users List
Subject: Re: [Snort-users] Archiving Snort logs

On Feb 23, 2010, at 5:21 AM, firnsy wrote:

> On Tue, 2010-02-23 at 08:47 +0000, Sharma, Ashish wrote:
>
> > Here I want to know, Is the 'Barnyard2' also cleaning up the snort
> > logs?
>
> No, it doesn't. Barnyard2 is only parsing the snort unified log files.

Although you could save the unified files and read them back into the db at a later time if you wanted to with 
barnyard2.  As for cleaning up the DB, I think there is a script that can clean up the db.

If you Google "snort db cleanup" many sites come up, however, this one popped out at me.  Might give it a shot.

http://www.perlmonks.org/?node_id=247926


--
Joel Esler
302-223-5974






------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users