[Snort-users] Snort Logs
mquibell at ...7759...
Thu Sep 18 06:49:19 EDT 2003
Log rotate? Post rotate?
I've made it a habit to restart my Snort EVERY night, and along with that I
delete the alert file, which is then recreated when Snort starts. Good ol cron
job every night in the wee hours:
kill `cat /var/run/snort_eth1.pid`
rm -f /var/log/snort/alert
/usr/local/bin/snort -o -D -q -i eth1 -c /usr/local/etc/snort-2.0.7/snort.conf
> I'm running snort 2.0 on Linux 9.0. Does anyone know how to rotate=20
> /var/log/snort/alert when it reaches certain size?
More information about the Snort-users