[Snort-users] -l parameter

twig les twigles at ...131...
Tue Dec 9 16:44:04 EST 2003


I'm executing these commands in
> crontab:
> 
> 3 16 * * * find /var/log/snort -atime +7 -exec rm -rf {} \;
> 4 16 * * * mkdir /var/log/snort
> 
> The mkdir was necessary because "rm -rf" removes the snort
> directory.  Is 
> it possible to avoid this?  Thanks again for the advice from
> both of you.
> 

Well you could erase things *inside* the directory, which it
looks like that command does.  I'd have to tinker with it, no
time.  But as an alternative have you tried newsyslog (man 8
newsyslog)?  If you don't get into the ISO 8601 time formatting
garbage it should take you about 5 minutes to set up log
rotation.  If you get into the ISO 8601 hooha it should take 10.

__________________________________
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree




More information about the Snort-users mailing list