[Snort-users] Snort Logs

Marc Quibell mquibell at ...7759...
Thu Sep 18 06:49:19 EDT 2003


Log rotate? Post rotate?

I've made it a habit to restart my Snort EVERY night, and along with that I
delete the alert file, which is then recreated when Snort starts. Good ol cron
job every night in the wee hours:

kill `cat /var/run/snort_eth1.pid`
rm -f /var/log/snort/alert
 /usr/local/bin/snort -o -D -q -i eth1 -c /usr/local/etc/snort-2.0.7/snort.conf

> Hello,
>
> I'm running snort 2.0 on Linux 9.0. Does anyone know how to rotate=20
> /var/log/snort/alert when it reaches certain size?
>






More information about the Snort-users mailing list