Snort mailing list archives

Re: Snort and real-time alerting


From: waldo kitty <wkitty42 () windstream net>
Date: Mon, 28 May 2012 14:40:49 -0400

On 5/28/2012 12:14, Jeronimo L. Cabral wrote:
> Coming back to real-time monitoring of Snort, my Snort generates a lot
> of snort log files under /var/log/snort, they have different names.
>
> What can I do to monitor Snort if the file name changes ???

what logging type are you using? if those files are what i think they are, they 
are actually pcap files and you have an alert file as well... if they are pcap 
files only, then you can keep them for some random X time and then delete them 
unless you have something else (reporting tools) that might use them if you go 
back into history...

mine are named like "snort.log.1279385047" and they range in size due to the 
traffic captured for alerts between snort restarts...

so, what are you trying to use to monitor snort via those files??
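
Added example, not part of the original message or of Snort: a Python sketch of the check the reply describes, confirming by magic number that the `snort.log.<number>` files are pcap captures and listing those older than a retention period. The function names, the 30-day retention, the sample files and the reading of the numeric suffix as the file's creation time are assumptions.

```python
import os
import struct
import tempfile
import time

# Magic numbers at the start of a classic libpcap capture file
# (microsecond and nanosecond variants, in either byte order).
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4",
               b"\x4d\x3c\xb2\xa1", b"\xa1\xb2\x3c\x4d"}
PREFIX = "snort.log."


def classify(log_dir, max_age_days, now=None):
    """Sort snort.log.<epoch> files into pcap / not-pcap and flag expired ones."""
    now = time.time() if now is None else now
    report = {"pcap": [], "other": [], "expired": []}
    for name in sorted(os.listdir(log_dir)):
        suffix = name[len(PREFIX):]
        if not name.startswith(PREFIX) or not suffix.isdigit():
            continue  # e.g. the plain-text "alert" file
        path = os.path.join(log_dir, name)
        with open(path, "rb") as fh:
            is_pcap = fh.read(4) in PCAP_MAGICS
        report["pcap" if is_pcap else "other"].append(name)
        # Assumption: the numeric suffix is the Unix time the file was opened.
        if is_pcap and now - int(suffix) > max_age_days * 86400:
            report["expired"].append(name)
    return report


def demo():
    """Build a constructed log directory and classify it (no real Snort data)."""
    # Constructed 24-byte pcap global header: magic, v2.4, snaplen 65535, Ethernet.
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    with tempfile.TemporaryDirectory() as d:
        samples = {
            "snort.log.1279385047": header,       # name taken from the message
            "snort.log.1338230449": header,       # constructed, recent
            "snort.log.1338230500": b"not pcap",  # constructed, wrong format
            "alert": b"[**] constructed alert text [**]\n",
        }
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return classify(d, max_age_days=30, now=1338230449 + 3600)


if __name__ == "__main__":
    print(demo())
```

The script only reports the expired files; whether to delete them depends on whether any reporting tool still reads the captures.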

