[Snort-users] Re: Log Rotation (fwd)

JP Vossen vossenjp at ...8683...
Fri Dec 5 07:09:08 EST 2003

Hi Mike,

I think you meant to send this to Lindamaria and the list...

JP Vossen, CISSP              |:::======|         jp{at}jpsdomain{dot}org
My Account, My Opinions       |=========|       http://www.jpsdomain.org/
You used to have to reboot the Windows 9.x series every couple of days
because it would crash.  Now you have to reboot Windows 200x or XP every
couple of days because of a patch.  How is that better or more stable?

---------- Forwarded message ----------
Date: Fri, 5 Dec 2003 09:39:17 -0500
From: MH <procana at ...4296...>
To: vossenjp at ...8683...
Subject: Re: Log Rotation

Hi Lindamaria,

Here is a simple script that should work for you:

---------------------

#!/bin/bash
# Directory snort writes to (matches the -l path used to restart it below)
snortdir=/var/log/snort/log
newdir=~/snort_logs/log$(date "+%m_%d_%y")

if [[ ! -e $newdir && ! -d $newdir ]]; then
        mkdir "$newdir"
fi

##### path cat to where the pid file is written
kill -9 `cat /var/run/snort_xl0.pid`

# Move the current logs into the dated archive dir only when there is
# an alert file to rotate and the archive dir exists
if [[ -e $snortdir/alert ]]; then
        if [[ -e $newdir ]]; then
                mv "$snortdir"/* "$newdir"/
                #####  Change youruser to the account to own the dir
                chown -R youruser:youruser "$newdir"/
        fi
fi

/usr/local/bin/snort -bDA full -c /usr/local/snort/etc/snort.conf -l /var/log/snort/log

----------------------

Remember to change the paths and such to suit your
environment. Just cron this to run every night.

Once the files are moved into my archive dir, I have another script that
generates reports so I get a daily summary as well as monthly and long term
trending.  If you are interested, I will send you a sample of the report.

Hope this helps,
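As an added example (not MH's script and not part of the original thread), here is a POSIX sh version of the same rotation idea split into two checkable functions: stop_daemon reads a pid file, sends SIGTERM instead of -9 so the sensor can flush and close its log files, and waits for it to exit; rotate_logs moves a log directory into a dated archive directory and refuses to run twice into the same archive. All paths, the pid-file name and the timeout are assumptions to be adjusted for your own setup.

```shell
#!/bin/sh
# Added example, not the script from the original message.
# Assumed layout: logs in /var/log/snort/log, archive under ~/snort_logs,
# pid file in /var/run (all placeholders; adjust to your environment).

# stop_daemon PIDFILE [TIMEOUT_SECONDS]
# Sends SIGTERM to the pid in PIDFILE and waits up to TIMEOUT seconds for the
# process to exit, so the daemon can flush and close its log files first.
# Returns 0 on exit (or if already gone), 1 if the pid file is missing or
# does not hold a plain number, 2 if the process is still alive at timeout.
stop_daemon() {
    pidfile=$1
    timeout=${2:-10}
    [ -r "$pidfile" ] || return 1
    pid=$(cat "$pidfile")
    case $pid in
        ''|*[!0-9]*) return 1 ;;   # refuse anything that is not a pid
    esac
    kill -TERM "$pid" 2>/dev/null || return 0   # nothing to stop
    i=0
    while kill -0 "$pid" 2>/dev/null; do
        i=$((i + 1))
        [ "$i" -ge "$timeout" ] && return 2
        sleep 1
    done
    return 0
}

# rotate_logs SRCDIR ARCHIVEROOT [DATESTAMP]
# Moves everything in SRCDIR into ARCHIVEROOT/log<DATESTAMP>. An existing
# archive directory is an error, so a second run on the same day cannot
# silently merge or overwrite files. Prints the archive path on success.
# Returns 1 if SRCDIR is missing, 2 if the archive exists, 3 if it cannot be
# created, 4 if a move fails.
rotate_logs() {
    srcdir=$1
    root=$2
    stamp=${3:-$(date "+%m_%d_%y")}
    newdir="$root/log$stamp"
    [ -d "$srcdir" ] || return 1
    if [ -e "$newdir" ]; then
        echo "archive $newdir already exists" >&2
        return 2
    fi
    mkdir -p "$newdir" || return 3
    # Skip the literal pattern that an unmatched glob would leave behind.
    for f in "$srcdir"/*; do
        [ -e "$f" ] || continue
        mv "$f" "$newdir"/ || return 4
    done
    printf '%s\n' "$newdir"
}

# Typical nightly use from cron (paths are assumptions):
#   stop_daemon /var/run/snort_xl0.pid 15 || exit 1
#   rotate_logs /var/log/snort/log "$HOME/snort_logs" || exit 1
#   /usr/local/bin/snort -bDA full -c /usr/local/snort/etc/snort.conf -l /var/log/snort/log
```

Because stop_daemon fails closed (non-zero if the sensor is still running), chaining the three steps with || exit 1 means logs are never moved out from under a live process, and a duplicate run leaves the existing archive untouched.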
