Snort mailing list archives
Re: Archiving Snort logs
From: Alex Tatistcheff <alex.tatistcheff () gmail com>
Date: Wed, 24 Feb 2010 22:28:58 -0700
Barnyard2 has the option:

-a <dir>  Archive processed files to <dir>

I suppose you could move them to /dev/nul (maybe) or at least once they're moved to the archive folder you specify you know you can clean them up with a cron job or the like.

Alex Tatistcheff
alext () pobox com

On Tue, Feb 23, 2010 at 1:47 AM, Sharma, Ashish <ashish.sharma3 () hp com> wrote:
Hi,

I have configured latest Snort build in IDS mode with ‘BASE’ and ‘Barnyard2’.

What I understand from here is that ‘Snort’ generates the log in binary form, ‘Barnyard2’ parses them and puts the log messages in mysql DB, then ‘Base’ is used to check out the logs in a web interface. Am I right?

Here I want to know, Is the ‘Barnyard2’ also cleaning up the snort logs? If not how could I archive the Snort logs efficiently, Is there any automated solution for this?

Also what is the efficient strategy for dealing with Snort logs archiving?

Please help

Thanks in advance
Ashish Sharma

------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
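Added example, not part of the original message or of Barnyard2: a retention job for the directory given to Barnyard2's -a option, suitable for running from cron. The snort.u2 file prefix, the directory path and the 7/90-day windows are assumptions; adjust them to your own unified2 output settings.

```shell
#!/bin/sh
# Retention for the directory Barnyard2 archives processed files into (-a <dir>).
# Assumed, not from the thread: spool files are named snort.u2.<timestamp>.
#
# prune_archive DIR COMPRESS_DAYS DELETE_DAYS [PREFIX]
#   gzip raw files older than COMPRESS_DAYS, delete .gz files older than
#   DELETE_DAYS. Prints "compressed=N deleted=M"; non-zero on bad arguments.
# The body runs in a subshell ( ... ) so its variables stay local.
prune_archive() (
    dir=$1; compress_days=$2; delete_days=$3; prefix=${4:-snort.u2}

    # Only operate on an existing real directory: not a symlink, not "/".
    [ -d "$dir" ] && [ ! -L "$dir" ] && [ "$dir" != "/" ] || exit 2

    # Both windows must be plain integers, and deletion must come later
    # than compression so nothing is removed before it was ever kept.
    for n in "$compress_days" "$delete_days"; do
        case "$n" in ''|*[!0-9]*) exit 2 ;; esac
    done
    [ "$delete_days" -gt "$compress_days" ] || exit 2

    # Pass 1: remove compressed archives past the retention window.
    # -maxdepth 1 and the name filter keep unrelated files untouched;
    # -print only fires when rm succeeded, so the count is accurate.
    deleted=$(( $(find "$dir" -maxdepth 1 -type f -name "$prefix.*.gz" \
        -mtime +"$delete_days" -exec rm -f -- {} \; -print | wc -l) ))

    # Pass 2: compress raw files older than the compress window.
    # gzip keeps the original mtime, so these age out in a later run.
    compressed=$(( $(find "$dir" -maxdepth 1 -type f -name "$prefix.*" \
        ! -name '*.gz' -mtime +"$compress_days" \
        -exec gzip -- {} \; -print | wc -l) ))

    echo "compressed=$compressed deleted=$deleted"
)

# Stand-alone use, e.g. from a daily cron entry (path is a placeholder):
#   prune.sh /var/log/snort/archive 7 90
if [ "$#" -ge 3 ]; then
    prune_archive "$@"
fi
```

Keep the compress window longer than any period in which you might need to replay raw files through Barnyard2, since it reads the uncompressed form.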
Current thread:
- Archiving Snort logs Sharma, Ashish (Feb 23)
- Re: Archiving Snort logs firnsy (Feb 23)
- Re: Archiving Snort logs Joel Esler (Feb 23)
- Re: Archiving Snort logs Sharma, Ashish (Feb 24)
- Re: Archiving Snort logs Joel Esler (Feb 24)
- Re: Archiving Snort logs Paul Schmehl (Feb 24)
- Re: Archiving Snort logs justin joseph (Feb 25)
- Re: Archiving Snort logs Joel Esler (Feb 23)
- Re: Archiving Snort logs firnsy (Feb 23)
- Re: Archiving Snort logs Alex Tatistcheff (Feb 24)