[Snort-users] Re: Log Rotation (fwd)

JP Vossen vossenjp at ...8683...
Fri Dec 5 07:09:08 EST 2003


Hi Mike,

I think you meant to send this to Lindamaria and the list...

Later,
JP
------------------------------|:::======|--------------------------------
JP Vossen, CISSP              |:::======|         jp{at}jpsdomain{dot}org
My Account, My Opinions       |=========|       http://www.jpsdomain.org/
------------------------------|=========|--------------------------------
You used to have to reboot the Windows 9.x series every couple of days
because it would crash.  Now you have to reboot Windows 200x or XP every
couple of days because of a patch.  How is that better or more stable?


---------- Forwarded message ----------
Date: Fri, 5 Dec 2003 09:39:17 -0500
From: MH <procana at ...4296...>
To: vossenjp at ...8683...
Subject: Re: Log Rotation

Hi Lindamaria,

Here is a simple script that should work for you:

---------------------
#!/bin/ksh
# Nightly Snort log rotation: archive today's logs, then restart Snort.

newdir=~/snort_logs/log$(date "+%m_%d_%y")
snortdir=/var/log/snort/log
##### Change the path to wherever your Snort writes its pid file
pidfile=/var/run/snort_xl0.pid

# Nothing to rotate yet: leave the running Snort alone instead of
# killing it and exiting without a restart.
if [[ ! -e "$snortdir/alert" ]]; then
        exit 0
fi

if [[ ! -d "$newdir" ]]; then
        mkdir -p "$newdir"
fi

# Stop Snort with SIGTERM (not -9) so it flushes and closes its log
# files, and give it a moment to exit before moving the files away.
kill "$(cat "$pidfile")"
sleep 2

mv "$snortdir"/* "$newdir"/
#####  Change youruser to the account that should own the archive dir
chown -R youruser:youruser "$newdir"/

/usr/local/bin/snort -bDA full -c /usr/local/snort/etc/snort.conf -l /var/log/snort/log
----------------------

Remember to change the paths and such to suit your
environment. Just cron this to run every night.

Once the files are moved into my archive dir, I have another script that
generates reports so I get a daily summary as well as monthly and long term
trending.  If you are interested, I will send you a sample of the report
script.

Hope this helps,
Mike