[Snort-users] Help needed with logs

Peggy Kam ppkam at ...11126...
Mon Feb 2 13:43:30 EST 2004


I am running snort-2.0.4 on RH9.  I would like to know how the alerts 
are logged to the log file?  ie. during the ID process, are the alerts 
being temporary stored in a buffer and then output all the alerts at 
once in a file or are they being written to a file every single time an 
alert is triggered by the packet?  The reason why I am asking is that I 
would like to know if I am able to move the logs to another log file 
when the default log file reaches its size limitation.

Thanks in advance,

More information about the Snort-users mailing list