[Snort-users] Snortdb against MySQL
neil at ...1633...
Wed Mar 21 17:50:44 EST 2001
Brian.DeGregorio at ...1630... wrote asking:
>Has anyone found or written a script to go thru the snort database and
>archive old entries?
If you mean a script that will roll over logs after the manner of Solaris
with respect to /var/adm/messages, then I wrote one that does it. I run it
once a week out of crontab, keeping the previous 7 weeks for reference
purposes. I 'gzip' the logs being archived to save space, but you could
make it use any file compressor you have handy.
Let me know if this is what you're interested in, and I'll post a copy.
Obviously, it runs under Solaris but might work in other flavors of unix
as well with a little tweaking.
Neil Dickey, Ph.D.
Northern Illinois University