[Snort-users] Re: Log Rotation (fwd)

JP Vossen vossenjp at ...8683...
Fri Dec 5 07:09:08 EST 2003

Hi Mike,

I think you meant to send this to Lindamaria and the list...

---------- Forwarded message ----------
Date: Fri, 5 Dec 2003 09:39:17 -0500
From: MH <procana at ...4296...>
To: vossenjp at ...8683...
Subject: Re: Log Rotation

Hi Lindamaria,

Here is a simple script that should work for you:

- ---------------------

#!/bin/bash

##### snortdir is where snort writes its logs; keep it in sync with the -l path below
snortdir=/var/log/snort/log
newdir=~/snort_logs/log$(date "+%m_%d_%y")

if [[ ! -d $newdir ]]; then
        mkdir "$newdir"
fi

##### point cat at the file where the snort pid is written
kill -9 `cat /var/run/snort_xl0.pid`

if [[ -e $snortdir/alert && -d $newdir ]]; then
        mv "$snortdir"/* "$newdir"/
        #####  Change youruser to the account to own the dir
        chown -R youruser:youruser "$newdir"/
fi

/usr/local/bin/snort -bDA full -c /usr/local/snort/etc/snort.conf -l /var/log/snort/log

- ----------------------

Remember to change the paths and such to suit your
environment. Just cron this to run every night.

Once the files are moved into my archive dir, I have another script that
generates reports so I get a daily summary as well as monthly and long term
trending.  If you are interested, I will send you a sample of the report.

Hope this helps,
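An added example, not part of MH's script or of the original thread: the same stop, archive, restart cycle written as reusable shell functions. The differences a defender cares about are a graceful stop (SIGTERM first, so Snort can flush and close its binary log files, SIGKILL only if it does not exit within a timeout), a refusal to overwrite an archive directory that already exists, and restricted permissions on the archived logs. The pidfile name, log and archive paths and the restart command are assumptions to adapt; the test inputs are constructed temp files.

```shell
#!/bin/bash
# Added example, not from the original thread. Paths in the usage comment at
# the bottom are assumptions: adjust pidfile, log dir, archive dir and the
# restart command to your sensor.
set -u

# True if PID names a live, non-zombie process. kill -0 alone is not enough:
# a zombie still answers it, so on Linux we also consult /proc.
is_alive() {
    kill -0 "$1" 2>/dev/null || return 1
    if [ -r "/proc/$1/status" ] && grep -q '^State:.*Z' "/proc/$1/status"; then
        return 1
    fi
    return 0
}

# Stop the sensor named in a pidfile. SIGTERM lets Snort flush and close its
# log files; SIGKILL is the fallback only after TIMEOUT seconds. Prints one of:
# stopped, killed, stale (pidfile points at nothing live), nopid (no pidfile).
stop_sensor() {
    pidfile=$1
    timeout=${2:-10}
    [ -f "$pidfile" ] || { echo nopid; return 1; }
    pid=$(cat "$pidfile")
    case $pid in
        ''|*[!0-9]*) echo stale; return 1 ;;
    esac
    is_alive "$pid" || { echo stale; return 1; }
    kill -TERM "$pid" 2>/dev/null
    waited=0
    while is_alive "$pid"; do
        if [ "$waited" -ge "$timeout" ]; then
            kill -KILL "$pid" 2>/dev/null
            echo killed
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done
    echo stopped
}

# Move everything in LOGDIR into ARCHIVE_BASE/log_MM_DD_YY. Refuses to reuse
# an existing archive directory (a second run the same day must not merge or
# clobber). Prints the archive directory path on success.
rotate_logs() {
    logdir=$1
    archive_base=$2
    stamp=${3:-$(date '+%m_%d_%y')}   # third arg lets a test pin the date
    newdir="$archive_base/log_$stamp"
    if [ -e "$newdir" ]; then
        echo "archive $newdir already exists; not rotating" >&2
        return 1
    fi
    mkdir -p "$newdir" || return 1
    for f in "$logdir"/*; do
        [ -e "$f" ] || continue        # empty log dir is not an error
        mv -- "$f" "$newdir"/ || return 1
    done
    chmod 750 "$newdir"                # archived alerts are sensitive data
    echo "$newdir"
}

# Full cycle: stop the sensor, archive its logs, start it again. The restart
# command is passed as the remaining arguments.
rotate_cycle() {
    pidfile=$1; logdir=$2; archive_base=$3; shift 3
    status=$(stop_sensor "$pidfile" 10) || :   # nopid/stale still rotate
    echo "sensor: $status"
    newdir=$(rotate_logs "$logdir" "$archive_base") || return 1
    echo "archived to $newdir"
    "$@"
}

# Nightly cron usage (assumed paths; restart flags mirror the original post):
#   rotate_cycle /var/run/snort_xl0.pid /var/log/snort/log ~/snort_logs \
#       /usr/local/bin/snort -bDA full -c /usr/local/snort/etc/snort.conf -l /var/log/snort/log
```

The restart command is deliberately an argument rather than hard-coded, so the stop and archive steps can be exercised on a host without Snort installed, and so the same script serves several sensors with different pidfiles and log directories.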

