[Snort-users] Snortdb against MySQL

Neil Dickey neil at ...1633...
Wed Mar 21 17:50:44 EST 2001


Brian.DeGregorio at ...1630... wrote asking:

>Has anyone found or written a script to go thru the snort database and
>archive old entries? 

If you mean a script that will roll over logs after the manner of Solaris
with respect to /var/adm/messages, then I wrote one that does it.  I run it
once a week out of crontab, keeping the previous 7 weeks for reference
purposes.  I 'gzip' the logs being archived to save space, but you could
make it use any file compressor you have handy.

Let me know if this is what you're interested in, and I'll post a copy.
Obviously, it runs under Solaris but might work in other flavors of unix
as well with a little tweaking.

Best regards,

Neil Dickey, Ph.D.
Research Associate/Sysop
Geology Department
Northern Illinois University
DeKalb, Illinois
60115






More information about the Snort-users mailing list