[Snort-users] -l parameter

adam_peterson at ...10608... adam_peterson at ...10608...
Tue Dec 9 09:08:03 EST 2003


I see your point.  I'll have to think about it because I do back up the db 
every night but I run the risk of missing an attack like the slammer worm 
if I can't write to the db.

My next question is, how do I manage those files?  I don't know of a good 
way to remove aged files as there is in the db with ACID.  Does anyone 
know of a command in Solaris that would allow me to delete files and a 
directory structure if they're older than x hours/days?

>From: "Michael Steele" <michaels at ...9077...>
>To: "'Snort Users List'" <snort-users at lists.sourceforge.net>
>Subject: RE: [Snort-users] -l parameter
>Date: Mon, 8 Dec 2003 20:04:04 -0800
>
>
>Adam,
>
>You just placed all your marbles into one pot. If you lose your database
>you lose it all. At least with the log you could populate the database if
>it got corrupted.
>
>I don't suggest anyone do this, especially in a production environment. If
>you don't have enough room for the log file, then get a few more megs of
>storage space.
>
>Kindest regards,
>
>The WINSNORT.com Management Team


Adam Peterson | Senior WAN Engineer | SPL WorldGroup | 
adam_peterson at ...10608... | +1.415.357.4787