[Snort-users] >2Gb capture files

Kiira Triea kiira-t at ...2241...
Mon Jun 25 07:31:53 EDT 2001


> 
> We have a rather high-traffic site, and I just had an embarrassing experience
> - the snort machine runs RedHat 7.0, and I was running it under screen, so
> that if it dumped core, I'd see the error messages (It hasn't - nice and
> stable). However, once the log file reached 2Gb, snort (or glibc) stopped
> writing... Losing us 18 days of binary packet captures (doh!)
> 
> Anyway, I have two questions:
> 
> 1) Does anyone have a good snort logrotate script?

Redhat should already have logrotate set up and the config
files in /etc/logrotate.d. It is easy just to mod/cut-paste
an entry for any new logs you need to manage. 

Kiira 
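
An entry of the kind the reply describes, written as an added example (not from the original post or from the Snort or Red Hat packages). The log path, the 1000M threshold and the init script name are assumptions; adjust them to the local install.

```conf
# /etc/logrotate.d/snort  (hypothetical file name)
# Assumed location of the binary capture files; the actual file name
# pattern depends on the Snort version and command-line options.
/var/log/snort/*.log {
    # Rotate once a file exceeds this size, well below the 2 GB point
    # at which writes stopped in the report above.
    size 1000M

    # Keep 30 old captures, compressed. delaycompress leaves the most
    # recent rotated file uncompressed in case Snort is still writing to it.
    rotate 30
    compress
    delaycompress

    # Do not fail if no capture exists yet; skip empty files.
    missingok
    notifempty

    # Run postrotate once for all matched files, not once per file.
    sharedscripts
    postrotate
        # Snort holds the capture file open, so it keeps writing to the
        # renamed file until it is restarted. The init script path is an
        # assumption about how Snort was installed.
        /etc/init.d/snortd restart >/dev/null 2>&1 || true
    endscript
}
```

logrotate only evaluates `size` when it is invoked, so on a busy sensor the cron interval must be short enough that a capture cannot grow from the threshold to 2 GB between runs.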

 



