[Snort-users] Alert in syslog file

James Riden j.riden at ...11179...
Thu Oct 14 20:03:59 EDT 2004


"Raffael Maio" <Vador at ...1224...> writes:

> Hi,
>
> I see that all my alerts are being sent to the syslog system. Is it
> obligatory??!?
>
> How can I remove that option?! Because the syslog file becomes much bigger
> when there are a lot of alerts!!!

I find the syslog file useful for grepping through, etc. - you can
always set something like logwatch, or a shell script up to roll the
file over every day, e.g.

alert - today, current
alert.1 - yesterday's 'alert'
alert.2 - day before, etc.

cheers,
 Jamie
-- 
James Riden / j.riden at ...11179... / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/
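
The daily roll-over scheme from the reply above (alert, alert.1, alert.2), as an added example that is not part of the original message. The function name rotate_log, its arguments and the retention count are assumptions; it is meant to be run once a day, for instance from cron.

```shell
#!/bin/sh
# Added example: rotate a log file through numbered generations
# (alert -> alert.1 -> alert.2 ...), dropping the oldest.
# rotate_log and its arguments are hypothetical names.

# rotate_log FILE KEEP
#   FILE  log file to rotate
#   KEEP  number of old generations to retain (>= 1)
rotate_log() {
    file=$1
    keep=$2

    # Refuse bad arguments rather than renaming the wrong thing.
    case $keep in
        ''|*[!0-9]*|0)
            echo "rotate_log: KEEP must be a positive integer" >&2
            return 2 ;;
    esac
    [ -f "$file" ] || { echo "rotate_log: $file: not a regular file" >&2; return 1; }

    # Drop the oldest generation, then shift the rest up by one,
    # working from the highest number down so nothing is overwritten.
    rm -f "$file.$keep"
    i=$keep
    while [ "$i" -gt 1 ]; do
        prev=$((i - 1))
        [ -f "$file.$prev" ] && mv "$file.$prev" "$file.$i"
        i=$prev
    done

    # Today's file becomes generation 1. Recreate an empty file that
    # only its owner can read, since alerts can hold sensitive data.
    mv "$file" "$file.1"
    ( umask 077; : > "$file" )

    # The writing daemon still holds the renamed file open and has to
    # reopen its log (commonly on SIGHUP) before new alerts land in
    # "$file". Which process to signal is site-specific (assumption).
}
```

With KEEP set to 2 this keeps exactly the three files listed in the reply: alert, alert.1 and alert.2.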






