[Snort-users] Snort alert when the log reaches 75% full

Stephen Mullins steve.mullins.work at ...11827...
Sun Aug 2 09:48:29 EDT 2009


http://support.microsoft.com/kb/112509

2013 error.  Change threshold to 75%.  Give the log its own
partition/drive.  Getting Windows to forward events to your syslog is
easy enough though you may need some third party software.

There are other, better ways to accomplish your goal.  As for the
Windows thing, people end up running Snort on Windows because that is
all they know how to use.

I think it's better to run Snort on an OS you understand than have a
sensor fleet of Snort boxes that nobody in your organization can
maintain that are therefore neglected and ignored.

Steve Mullins

On Wed, Jul 29, 2009 at 10:57 AM, Livingston, Kevin E Mr CTR USA
IMCOM<KEVIN.LIVINGSTON2 at ...8029...> wrote:
> How can I get snort (on a windows box) to send a syslog message when the
> log reaches 75% full
>
> Thanks, Kevin
>
> V/r
> Kevin Livingston
> Network Engineer
> BCTC, Fort Hood, TX
> Cell 254-247-7534
> "01000011010000110100111001000001"
>
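
A direct way to get the alert asked about in this thread, as an added example that is not from either poster: poll the partition holding the Snort logs and send an RFC 3164 syslog datagram over UDP once usage reaches 75%. This is an alternative to forwarding Windows event 2013; the tag `snort-logvol`, the local0 facility, and the collector address are assumptions to replace with your own.

```python
import shutil
import socket
import sys
from datetime import datetime

THRESHOLD_PCT = 75.0   # from the thread: alert when the log volume is 75% full
FACILITY_LOCAL0 = 16   # assumption: local0; use the facility your collector expects
SEVERITY_WARNING = 4

def percent_used(total: int, used: int) -> float:
    """Percentage of the volume in use; 0.0 for an empty or unknown volume."""
    return 0.0 if total <= 0 else 100.0 * used / total

def build_syslog(host: str, tag: str, text: str, when: datetime) -> bytes:
    """RFC 3164 (BSD syslog) datagram: <PRI>Mmm dd hh:mm:ss host tag: text."""
    pri = FACILITY_LOCAL0 * 8 + SEVERITY_WARNING
    # RFC 3164 pads a single-digit day with a space, not a zero.
    stamp = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"
    return f"<{pri}>{stamp} {host} {tag}: {text}".encode("ascii", "replace")

def check_volume(path, collector, host, when=None, usage=None):
    """Return the datagram sent, or None if the volume is under threshold.
    `usage` lets a caller inject (total, used) instead of reading the disk."""
    if usage is None:
        du = shutil.disk_usage(path)
        usage = (du.total, du.used)
    pct = percent_used(*usage)
    if pct < THRESHOLD_PCT:
        return None
    text = f"{path} is {pct:.1f}% full (threshold {THRESHOLD_PCT:.0f}%)"
    msg = build_syslog(host, "snort-logvol", text, when or datetime.now())
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(msg, collector)   # UDP: fire and forget, no delivery guarantee
    return msg

if __name__ == "__main__":
    # Placeholders: pass the Snort log partition as argv[1]; collector is constructed.
    path = sys.argv[1] if len(sys.argv) > 1 else "."
    sent = check_volume(path, ("127.0.0.1", 514), socket.gethostname())
    print(sent.decode() if sent else "under threshold")
```

Run it from a scheduled task; because it alerts on every run above the threshold, the collector sees a repeat until space is freed.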



