Snort mailing list archives
Re: Archiving Snort logs
From: Paul Schmehl <pschmehl_lists () tx rr com>
Date: Wed, 24 Feb 2010 23:12:02 -0600
Not trying to be a smartass, but you have heard of syslog, right? vi /etc/newsyslog.conf and add /var/log/snort/snort.u2.* 660 100 * @T00 BG /var/run/snort/snort_eth0.pid Please don't copy the example. Read the man page. --On February 24, 2010 3:20:18 PM +0000 "Sharma, Ashish" <ashish.sharma3 () hp com> wrote:
Joel, Ok I got the point. There are plenty of approaches to archive DB files. Here I want to know how can I clean up 'snort.log' files automatically that keep on growing in a production system without much admin interference. Thanks in advance Ashish Sharma -----Original Message----- From: Joel Esler [mailto:jesler () sourcefire com] Sent: Tuesday, February 23, 2010 8:38 PM To: firnsy Cc: Sharma, Ashish; Snort Users List Subject: Re: [Snort-users] Archiving Snort logs On Feb 23, 2010, at 5:21 AM, firnsy wrote:On Tue, 2010-02-23 at 08:47 +0000, Sharma, Ashish wrote:Here I want to know, Is the 'Barnyard2' also cleaning up the snort logs?No, it doesn't. Barnyard2 is only parsing the snort unified log files.Although you could save the unified files and read them back into the db at a later time if you wanted to with barnyard2. As for cleaning up the DB, I think there is a script that can clean up the db. If you Google "snort db cleanup" many sites come up, however, this one popped out at me. Might give it a shot. http://www.perlmonks.org/?node_id=247926 -- Joel Esler 302-223-5974 ------------------------------------------------------------------------ ------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Paul Schmehl, If it isn't already obvious, my opinions are my own and not those of my employer. ****************************************** WARNING: Check the headers before replying ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Archiving Snort logs Sharma, Ashish (Feb 23)
- Re: Archiving Snort logs firnsy (Feb 23)
- Re: Archiving Snort logs Joel Esler (Feb 23)
- Re: Archiving Snort logs Sharma, Ashish (Feb 24)
- Re: Archiving Snort logs Joel Esler (Feb 24)
- Re: Archiving Snort logs Paul Schmehl (Feb 24)
- Re: Archiving Snort logs justin joseph (Feb 25)
- Re: Archiving Snort logs Joel Esler (Feb 23)
- Re: Archiving Snort logs firnsy (Feb 23)
- Re: Archiving Snort logs Alex Tatistcheff (Feb 24)