[Snort-users] How are alerts being logged?

Erek Adams erek at ...950...
Mon Feb 2 15:02:06 EST 2004


On Mon, 2 Feb 2004, Peggy Kam wrote:

> I am running snort-2.0.4 on RH9.  I would like to know how the alerts
> are logged to the log file?  The reason why I am asking is that I would
> like to know if I am able to move the logs to another log file when the
> default log file reaches its size limitation.

Well...  It depends.  Snort's normal alerts don't have any sort of size
restriction.  If you're not logging to 'unified' then there isn't any sort
of size limitation, other than the OS.

If you're going to do something like that, you'll need to restart Snort
(kill -HUP or stop then start) for the file handle to be closed.

Cheers!

-----
Erek Adams

 "It looks just like a Telefunken U-47.  You'll love it..."  -- Frank Zappa
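
The rotation the reply describes, as an added example that is not part of the original message: `rotate_alert` moves the alert file aside once it exceeds a size limit and sends HUP to the process named in a pid file, and `handle_follows_rename` shows with constructed data why the restart is needed. Both function names, the pid file and the paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example. LOG, MAX_BYTES and PIDFILE are caller-supplied; the paths in
# the usage line at the bottom are assumptions, not taken from the thread.

# rotate_alert LOG MAX_BYTES PIDFILE
# Returns 0 after moving LOG aside and sending HUP, 1 if LOG is missing or
# not over MAX_BYTES, 2 if LOG was moved but the process was not signalled.
rotate_alert() {
    ra_log=$1 ra_max=$2 ra_pidfile=$3
    [ -f "$ra_log" ] || return 1
    ra_size=$(( $(wc -c < "$ra_log") ))
    [ "$ra_size" -gt "$ra_max" ] || return 1

    ra_new="$ra_log.$(date +%Y%m%d-%H%M%S)"
    # mv within one filesystem is a rename: the inode is unchanged, so a
    # process holding the file open keeps appending to it under the new name.
    mv -- "$ra_log" "$ra_new" || return 1
    echo "$ra_new"

    # Restart via HUP so the old handle is closed and LOG is opened afresh.
    ra_pid=$(cat "$ra_pidfile" 2>/dev/null) || return 2
    kill -HUP "$ra_pid" 2>/dev/null || return 2
}

# Shows why the restart is needed, with fd 3 standing in for the sensor's open
# alert handle (constructed data, no Snort involved). Returns 0 when a write
# made after the rename lands in the renamed file and no new "alert" appears.
handle_follows_rename() {
    hf_dir=$(mktemp -d) || return 1
    exec 3>>"$hf_dir/alert"
    echo "constructed alert 1" >&3
    mv -- "$hf_dir/alert" "$hf_dir/alert.old"
    echo "constructed alert 2" >&3        # written after the move
    exec 3>&-                             # what a restart does: close the handle
    hf_lines=$(( $(wc -l < "$hf_dir/alert.old") ))
    [ "$hf_lines" -eq 2 ] && [ ! -e "$hf_dir/alert" ]
    hf_rc=$?
    rm -rf -- "$hf_dir"
    return $hf_rc
}

# Usage (assumed paths):
#   rotate_alert /var/log/snort/alert 104857600 /var/run/snort.pid
```

A return code of 2 means the file was renamed but the process was not signalled, so alerts are still being appended to the renamed file.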



