[Snort-users] -l parameter

Ed Callahan snort at ...10352...
Tue Dec 9 18:10:02 EST 2003


Try

    find /var/log/snort -atime +7 -type f -exec rm -rf {} \;

instead of

    find /var/log/snort -atime +7 -exec rm -rf {} \;

The -type f lists just files, not directories.

Ed Callahan
snort at ...10352...

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of
adam_peterson at ...10608...
Sent: Tuesday, December 09, 2003 6:25 PM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] -l parameter



Thanks to John and Michael's advice, I've removed the -N parameter from the
Snort command line so it will indeed log to a directory in case I lose
communication with my db.  I'm executing these commands in crontab:

    3 16 * * * find /var/log/snort -atime +7 -exec rm -rf {} \;
    4 16 * * * mkdir /var/log/snort

The mkdir was necessary because "rm -rf" removes the snort directory.  Is it
possible to avoid this?  Thanks again for the advice from both of you.

Adam Peterson | Senior WAN Engineer | SPL WorldGroup |
adam_peterson at ...10608... | +1.415.357.4787
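
The two find commands from this thread, run side by side on a throwaway directory tree. This is an added example, not part of either message. It assumes GNU find and GNU touch; the function names, file names and the temporary tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU find and GNU touch (-d).
# All paths and file names below are constructed sample data.

# Build a throwaway log tree: one fresh file, two stale files, and a stale
# access time on the directories themselves. Prints the tree's path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/192.0.2.10"
    : > "$d/alert"
    : > "$d/old_alert"
    : > "$d/192.0.2.10/old_session"
    touch -a -d '10 days ago' "$d/old_alert" "$d/192.0.2.10/old_session" \
        "$d/192.0.2.10" "$d"
    printf '%s\n' "$d"
}

# Crontab form from the question: every match goes to rm -rf, and the
# starting directory is itself a candidate once its atime is old enough.
# find then fails to descend into the removed directory, so its error
# output and exit status are suppressed here.
prune_without_type() {
    find "$1" -atime +"$2" -exec rm -rf {} \; 2>/dev/null || true
}

# Form from the reply: -type f restricts matches to regular files, so the
# log directory and its subdirectories are never passed to rm.
prune_old_files() {
    find "$1" -type f -atime +"$2" -exec rm -rf {} \;
}

# Demo: run each form on its own copy of the tree and show what survives.
for fn in prune_without_type prune_old_files; do
    t=$(make_sample_tree) || exit 1
    "$fn" "$t" 7
    echo "== after $fn:"
    if [ -d "$t" ]; then (cd "$t" && find . | sort); else echo "(log directory removed)"; fi
    rm -rf "$t"
done
```

With -type f in place, stale subdirectories are left behind empty rather than deleted, and the mkdir cron entry is no longer needed.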





