[Snort-users] rotate alert cache
erek at ...950...
Thu Jul 3 19:59:09 EDT 2003
On Thu, 3 Jul 2003, Kerry Cox wrote:
> Quick question, does anyone know of or have a simple script for rotating
> out the /var/log/snort/alert file periodically? I'm sure it would be a
> simple matter to write this, but why re-invent the wheel?
> I'd like to be able to append a .1 or .2 to the end of each rotated file
> for archival purposes, much as the messages and secure files are rotated
> out. I'd add the alert file to the regular rotation of these as well,
> but want to make certain it works without killing the running Snort
Quite a few OS'es already have somethinglike that. Logrotate is already
on some Linux distros. Newsyslog is on *BSD boxes. Check freshmeat
(freshmeat.net) for quite a few log tools.
"When things get weird, the weird turn pro." H.S. Thompson
More information about the Snort-users