[Snort-users] Log Rotation
erek at ...577...
Tue Oct 2 13:25:02 EDT 2001
On Tue, 2 Oct 2001, DeBerry, Casey wrote:
> Running snort 1.8 on solaris 7. In the past, using linux, have had success
> with log-rotate script.. but it used the gcc date function to call previous
> days date.. ie:
> PAST=`date --date='1 day ago' +%b%d_%Y`
> This ran as a cron job at 12:01 am and worked great. Solaris however, does
> not use gcc date.. I guess I could run my own bits, but thought there was
> something out there that might be a little bit more elegant.
Simpler perhaps is the following:
LOGDIR=/var/log/snort            # assumed value; the post leaves these three variables unset
LOG=$LOGDIR/alert                # assumed: the snort alert file being rotated
DATE=`date +%b%d_%Y`             # e.g. Oct02_2001; plain date, no GNU --date needed
if test -d $LOGDIR; then
    if test -s $LOG; then
        mv $LOG $LOG.$DATE
        cp /dev/null $LOG
        chmod 644 $LOG
        kill -HUP `cat /var/run/snort.le0`
        /usr/bin/cat $LOG.$DATE | /local/snort/snort_stat.pl | /usr/lib/sendmail root
    fi
fi
And I just run it at 23:59. ;-)
> I need to run snort in a distributed environment, and thought plugging to
> a database would create too much overhead. Maybe ACID? Anyone have ideas
> or input.
Not unless you are really pounding your link. Drop a backend net onto each
sensor, log over the admin backend for DB and Normal alerts. Of course,
that's _never_ been done. *innocent look*
Hope that helps!
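The original poster's problem is that Solaris 7 has no GNU `date --date='1 day ago'`, so a 12:01 am job cannot name the file after the day it covers. The script below is an added example, not code from either poster: it computes the previous calendar day in plain POSIX sh (month and year rollover, Gregorian leap years), builds the same `%b%d_%Y` stamp the first post used, then does the rotation the reply describes (move the alert file aside, recreate it, HUP the pid in the pidfile). The alert path `/var/log/snort/alert`, the `rotate.sh` name and the cron line are assumptions made for the example; `/var/run/snort.le0` is the pidfile named in the reply.

```shell
#!/bin/sh
# Added example (not from the original post): snort alert-log rotation on a
# system without GNU date, e.g. Solaris 7. Yesterday's date is computed in
# plain POSIX sh instead of `date --date='1 day ago'`.
# Assumed layout (constructed for the example): alert file /var/log/snort/alert,
# pidfile /var/run/snort.le0 as in the reply above.

# days_in_month YEAR MONTH -> number of days, Gregorian leap-year rule
days_in_month() {
    case ${2#0} in
        1|3|5|7|8|10|12) echo 31 ;;
        4|6|9|11)        echo 30 ;;
        2) if [ $(($1 % 4)) -eq 0 ] && { [ $(($1 % 100)) -ne 0 ] || [ $(($1 % 400)) -eq 0 ]; }
           then echo 29; else echo 28; fi ;;
    esac
}

# prev_day YEAR MONTH DAY -> "YYYY MM DD" of the previous calendar day
prev_day() {
    py=$1 pm=${2#0} pd=${3#0}      # strip leading zeros: "08" would be read as octal by $((...))
    pd=$((pd - 1))
    if [ "$pd" -lt 1 ]; then
        pm=$((pm - 1))
        if [ "$pm" -lt 1 ]; then pm=12; py=$((py - 1)); fi
        pd=$(days_in_month "$py" "$pm")
    fi
    printf '%04d %02d %02d\n' "$py" "$pm" "$pd"
}

# month_abbr MONTH -> three-letter name, matching date's %b in the C locale
month_abbr() {
    case ${1#0} in
        1) echo Jan;;  2) echo Feb;;  3) echo Mar;;  4) echo Apr;;
        5) echo May;;  6) echo Jun;;  7) echo Jul;;  8) echo Aug;;
        9) echo Sep;; 10) echo Oct;; 11) echo Nov;; 12) echo Dec;;
    esac
}

# yesterday_stamp YEAR MONTH DAY -> e.g. Oct01_2001, the first poster's %b%d_%Y layout
yesterday_stamp() {
    set -- $(prev_day "$1" "$2" "$3")
    echo "$(month_abbr "$2")${3}_${1}"
}

# rotate_snort_log LOG STAMP PIDFILE
# Moves LOG aside as LOG.STAMP, recreates an empty LOG and sends SIGHUP to the
# pid in PIDFILE, as the reply's script does. Returns non-zero when there is
# nothing to rotate, when LOG.STAMP already exists, or when any step fails.
rotate_snort_log() {
    log=$1 stamp=$2 pidfile=$3
    [ -s "$log" ] || return 1
    # refuse to clobber an earlier rotation that produced the same stamp
    [ ! -e "$log.$stamp" ] || return 1
    mv "$log" "$log.$stamp" || return 1
    # snort keeps writing to the renamed file through its open descriptor
    # until the HUP lands, so nothing is lost in the gap
    : > "$log" && chmod 644 "$log" || return 1
    [ -r "$pidfile" ] || return 1
    kill -HUP "$(cat "$pidfile")"
}

# Assumed cron entry for 00:01:
#   1 0 * * * /local/snort/rotate.sh /var/log/snort/alert /var/run/snort.le0
# Run only when invoked with the two arguments; sourcing the file defines the functions.
if [ $# -eq 2 ]; then
    set -- "$1" "$2" $(date +'%Y %m %d')
    rotate_snort_log "$1" "$(yesterday_stamp "$3" "$4" "$5")" "$2"
fi
```

Because the stamp is derived from the date the job runs minus one day, the file is named for the day whose alerts it holds even though the job fires after midnight; the reply's 23:59 variant would call `month_abbr`/`printf` on today's components instead. The pre-existence check matters when cron reruns the job the same day: without it the second run would overwrite the already-rotated file.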