[Snort-users] Newbie Question
SWilcoxen at ...9020...
Fri Apr 25 11:39:05 EDT 2003
I'm relatively new to both Snort and Linux, so please bear with me here.
I have got Snort set up on two separate machines. One machine is
listening to traffic on the outside of my firewall and the other on the
inside. On a third machine I've got a MySQL database to which I'm
logging alerts. I've set up an Apache web server on this machine as well
and am using ACID to view the alerts being logged. My sensors are
logging all packets in binary tcpdump format on the local hard drive.
I would like to set up a cron job to move these logs to another machine
every day so that the hard drives on my sensors don't fill up. I'm
starting Snort in daemon mode and noticed that when I move the logs it
doesn't seem to start another one. So my theory was that if I stop
Snort, move the logs, and restart Snort I would be OK. Problem is I
can't find a way to stop Snort short of issuing a 'kill pid'. I want to
script all of this. Any suggestions?
Scott S Wilcoxen
Macfadden & Associates, Inc.
Email: SWilcoxen at ...9020...
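As an added example (not from the original thread), the stop, move, restart sequence the post describes, written as a cron-able sh script; the snort binary and config paths, the interface, the log directory, the pid file name and the snort.log.* file naming are all assumptions.

```shell
#!/bin/sh
# Added example: rotate Snort's binary tcpdump logs from cron by stopping
# the daemon, moving the closed files aside, then restarting it.
set -u

SNORT_BIN=/usr/sbin/snort                   # assumed path
SNORT_CONF=/etc/snort/snort.conf            # assumed path
SNORT_IFACE=eth0                            # assumed sniffing interface
LOG_DIR=/var/log/snort                      # assumed -l directory
ARCHIVE_DIR=/var/log/snort/archive          # staging area for the copy off-box
PID_FILE=/var/run/snort_${SNORT_IFACE}.pid  # assumed pid file name

# Send SIGTERM to the pid in $1 and wait up to $2 seconds for it to exit.
# Returns 0 once the process is gone, 1 if it is still running. No -9 here,
# so snort gets the chance to flush and close its log file cleanly.
stop_snort() {
    pidfile=$1; timeout=${2:-10}
    [ -r "$pidfile" ] || return 1
    pid=$(cat "$pidfile")
    kill -TERM "$pid" 2>/dev/null || return 0   # already gone
    i=0
    while kill -0 "$pid" 2>/dev/null; do
        i=$((i + 1)); [ "$i" -ge "$timeout" ] && return 1
        sleep 1
    done
    return 0
}

# Move every snort.log.* file in $1 into a dated subdirectory of $2 and print
# the count. Only safe after snort has exited: moving a file the daemon still
# has open just renames the inode it keeps writing to, so no new file appears.
rotate_logs() {
    src=$1; dest=$2/$(date +%Y%m%d-%H%M)
    mkdir -p "$dest"
    n=0
    for f in "$src"/snort.log.*; do
        [ -f "$f" ] || continue
        mv "$f" "$dest/" && n=$((n + 1))
    done
    echo "$n"
}

start_snort() {
    "$SNORT_BIN" -D -i "$SNORT_IFACE" -c "$SNORT_CONF" -l "$LOG_DIR" -b
}

main() {
    stop_snort "$PID_FILE" 15 || { echo "snort did not stop" >&2; exit 1; }
    echo "archived $(rotate_logs "$LOG_DIR" "$ARCHIVE_DIR") file(s)"
    start_snort
}

if [ "${1:-}" = "--run" ]; then main; fi
```

Run it as `rotate-snort.sh --run` from the cron entry; the archive directory is then what the nightly copy to the other machine picks up.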