[Snort-users] Rotate barnyard files?

ausec at ...10045... ausec at ...10045...
Tue Sep 9 16:08:31 EDT 2003


I'm running two barnyards to process alerts and logs. From my snort.conf:

output alert_unified: filename snort.alert, limit 128
output log_unified: filename snort.log, limit 128

My snort log directory is filling up with files like these (ie. there are
multiple snort.alert.* and snort.log.* files):

snort.alert.1063135489
snort.log.1063135489

Does that mean barnyard is getting behind processing the log and alert
files? Should I be rotating or deleting them? How do I know when barnyard
is done with a file...?

Thanks,
Ausec.



__ 
    This communication is intended for the use of the recipient to whom it
    is addressed, and may contain confidential, personal, and or privileged
    information. Please contact us immediately if you are not the intended
    recipient of this communication, and do not copy, distribute, or take
    action relying on it. Any communications received in error, or
    subsequent reply, should be deleted or destroyed.
---




More information about the Snort-users mailing list