[Snort-users] Alert in syslog file
j.riden at ...11179...
Thu Oct 14 20:03:59 EDT 2004
"Raffael Maio" <Vador at ...1224...> writes:
> I see that all my alerts are sending to the syslog system. Is is
> How can I remove that option? Because the syslog file becomes very big
> when there are a lot of alerts!
I find the syslog file useful for grepping through, etc. - you can
always set something like logwatch, or a shell script up to roll the
file over every day, e.g.
    alert    - today, current
    alert.1  - yesterday's 'alert'
    alert.2  - day before, etc.
James Riden / j.riden at ...11179... / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/
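
The daily roll-over scheme described in the reply above (alert, alert.1, alert.2, ...), as an added example that is not part of the original post. The function name `rotate_log`, the default of 7 kept generations and the optional pidfile argument are assumptions made for illustration; it is meant to be called once a day, for example from cron.

```shell
#!/bin/sh
# Added example (not from the original post): roll a log file over,
# keeping numbered generations.
#   rotate_log FILE [KEEP] [PIDFILE]
# After a run: FILE is new and empty, FILE.1 is the previous FILE,
# FILE.2 the one before that, and so on up to FILE.KEEP.
rotate_log() {
    log=$1
    keep=${2:-7}          # assumed default: keep 7 old generations
    pidfile=${3:-}        # optional (assumption): pidfile of the writing daemon

    [ -f "$log" ] || return 0   # nothing to rotate
    [ -s "$log" ] || return 0   # empty file: a quiet day should not push out history

    # Drop the oldest generation, then shift the others up by one.
    rm -f "$log.$keep"
    i=$keep
    while [ "$i" -gt 1 ]; do
        prev=$((i - 1))
        [ -f "$log.$prev" ] && mv -f "$log.$prev" "$log.$i"
        i=$prev
    done

    mv -f "$log" "$log.1"

    # Recreate the live file readable by its owner only; alerts can
    # contain addresses and payload excerpts.
    ( umask 077; : > "$log" )

    # A daemon that keeps the file open goes on writing to the renamed
    # file until it reopens its logs; syslogd does that on SIGHUP.
    if [ -n "$pidfile" ] && [ -r "$pidfile" ]; then
        kill -HUP "$(cat "$pidfile")" 2>/dev/null || true
    fi
    return 0
}
```
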