[Snort-users] Re: Log Rotation (fwd)

Michael Steele michaels at ...9077...
Fri Dec 5 15:45:00 EST 2003


You should ONLY be patching the CRITICAL patches ASAP. The others can be
scheduled whenever you want. Microsoft is revamping the patching process
for monthly, except for the critical ones.

It is not possible to be patching every couple of days. It is NOT required
to reboot after every single patch, only if the patch requires you to reboot.

There is also no comparison between a BSOD and a reboot due to a scheduled
update, or patch.

Kindest regards, 

The WINSNORT.com Management Team
-- 
Pick up your FREE Windows or UNIX Snort installation guides       
mailto:support at ...9077...
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org


> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-
> admin at lists.sourceforge.net] On Behalf Of JP Vossen
> Sent: Friday, December 05, 2003 7:08 AM
> To: Keaton, Lindamaria
> Cc: MH; Snort Users List
> Subject: [Snort-users] Re: Log Rotation (fwd)
> 
> Hi Mike,
> 
> I think you meant to send this to Lindamaria and the list...
> 
> Later,
> JP
> ------------------------------|:::======|--------------------------------
> JP Vossen, CISSP              |:::======|         jp{at}jpsdomain{dot}org
> My Account, My Opinions       |=========|       http://www.jpsdomain.org/
> ------------------------------|=========|--------------------------------
> You used to have to reboot the Windows 9.x series every couple of days
> because it would crash.  Now you have to reboot Windows 200x or XP every
> couple of days because of a patch.  How is that better or more stable?
> 
> 
> ---------- Forwarded message ----------
> Date: Fri, 5 Dec 2003 09:39:17 -0500
> From: MH <procana at ...4296...>
> To: vossenjp at ...8683...
> Subject: Re: Log Rotation
> 
> Hi Lindamaria,
> 
> Here is a simple script that should work for you:
> 
> - ---------------------
> #!/bin/ksh
> 
> 
> newdir=~/snort_logs/log$(date "+%m_%d_%y")
> snortdir=/var/log/snort/log
> 
> 
> ##### Create today's archive dir (and its parent) if it is missing
> if [[ ! -e $newdir && ! -d $newdir ]]; then
>         mkdir -p "$newdir"
> fi
> ##### Point cat at the path where the pid file is written
> kill -9 `cat /var/run/snort_xl0.pid`
> 
> 
> ##### Move the logs only if there is an alert file to archive;
> ##### Snort is restarted below either way
> if [[ -e $snortdir/alert && -e $newdir ]]; then
>         mv "$snortdir"/* "$newdir"/
>         #####  Change youruser to the account to own the dir
>         chown -R youruser:youruser "$newdir"/
> fi
> 
> 
> /usr/local/bin/snort -bDA full -c /usr/local/snort/etc/snort.conf -l /var/log/snort/log
> 
> - ----------------------
> 
> Remember to change the paths and such to suit your
> environment. Just cron this to run every night.
> 
> Once the files are moved into my archive dir, I have another script that
> generates reports so I get a daily summary as well as monthly and long
> term
> trending.  If you are interested, I will send you a sample of the report
> script.
> 
> Hope this helps,
> Mike
> 
> 
> 
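
A variant of the rotation step above that stops the sensor with SIGTERM and refuses to move logs while it is still running, as an added example that is not part of the original thread. The function names `stop_by_pidfile`, `archive_logs` and `rotate_logs` are hypothetical, and restarting Snort is left to the caller.

```shell
#!/bin/sh
# Added example (not from the thread). All paths are supplied by the caller.

# stop_by_pidfile PIDFILE [TIMEOUT_SECONDS]
# Sends SIGTERM so the sensor can flush and close its logs, waits for it to
# exit, and falls back to SIGKILL only after the timeout.
# Returns 0 when the process is gone, 1 when it is not or the file is garbled.
stop_by_pidfile() {
    local pidfile="$1" timeout="${2:-10}" pid waited=0
    [ -r "$pidfile" ] || return 0                  # no pid file: nothing to stop
    pid=$(cat "$pidfile")
    case "$pid" in ''|*[!0-9]*) return 1 ;; esac   # accept digits only
    [ "$pid" -gt 1 ] || return 1                   # never signal pid 0 or 1
    kill -0 "$pid" 2>/dev/null || return 0         # stale pid file
    kill -TERM "$pid" 2>/dev/null || return 1
    while [ "$waited" -lt "$timeout" ]; do
        kill -0 "$pid" 2>/dev/null || return 0
        sleep 1
        waited=$((waited + 1))
    done
    kill -KILL "$pid" 2>/dev/null || true          # last resort
    sleep 1
    ! kill -0 "$pid" 2>/dev/null
}

# archive_logs SRCDIR ARCHIVE_ROOT
# Moves every file in SRCDIR into ARCHIVE_ROOT/log<mm_dd_yy> (the naming used
# in the script above) and prints that directory. The directory is created
# owner-only because alert and packet logs can hold captured payloads.
archive_logs() {
    local src="$1" dest="$2/log$(date '+%m_%d_%y')" f
    ( umask 077; mkdir -p "$dest" ) || return 1
    for f in "$src"/*; do
        [ -e "$f" ] || continue                    # empty dir: glob matched nothing
        mv -- "$f" "$dest/" || return 1
    done
    printf '%s\n' "$dest"
}

# rotate_logs PIDFILE SRCDIR ARCHIVE_ROOT
# Archives only after the sensor has really stopped, so no file is moved
# while it is still being written.
rotate_logs() {
    stop_by_pidfile "$1" || { echo "sensor still running, not rotating" >&2; return 1; }
    archive_logs "$2" "$3"
}
```

Once `rotate_logs /var/run/snort_xl0.pid /var/log/snort/log ~/snort_logs` returns 0, start Snort again with the command from the script above.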
