[Snort-users] rotate alert cache

Erek Adams erek at ...950...
Thu Jul 3 19:59:09 EDT 2003


On Thu, 3 Jul 2003, Kerry Cox wrote:

> Quick question, does anyone know of or have a simple script for rotating
> out the /var/log/snort/alert file periodically? I'm sure it would be a
> simple matter to write this, but why re-invent the wheel?
> I'd like to be able to append a .1 or .2 to the end of each rotated file
> for archival purposes, much as the messages and secure files are rotated
> out. I'd add the alert file to the regular rotation of these as well,
> but want to make certain it works without killing the running Snort
> process.

Quite a few OSes already have something like that.  Logrotate is already
on some Linux distros.  Newsyslog is on *BSD boxes.  Check freshmeat
(freshmeat.net) for quite a few log tools.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson
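
A logrotate stanza for the alert file asked about above, as an added example that is not part of the original post. The file name /etc/logrotate.d/snort, the weekly schedule and the retention count of 8 are assumptions.

```conf
# /etc/logrotate.d/snort  (assumed location; any file read by logrotate works)
/var/log/snort/alert {
    # Assumed schedule and retention: rotate weekly, keep 8 old copies.
    weekly
    rotate 8

    # Do not complain if the file is absent, and skip empty files.
    missingok
    notifempty

    # Copy the live file to alert.1 and truncate the original in place.
    # Snort keeps its open file handle, so the process is neither
    # signalled nor restarted.
    copytruncate

    # Use plain numeric suffixes (alert.1, alert.2, ...) instead of dates,
    # matching how messages and secure are rotated.
    nodateext
}
```

With `copytruncate`, alerts written between the copy and the truncate can be lost, so schedule the rotation for a quiet period. Running `logrotate -d /etc/logrotate.d/snort` prints what would be done without touching the files.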



