[Snort-users] Archiving Snort logs
ashish.sharma3 at ...6440...
Wed Feb 24 10:20:18 EST 2010
Ok I got the point.
There are plenty of approaches to archive DB files.
Here I want to know how I can automatically clean up the 'snort.log' files that keep on growing in a production system, without much admin interference.
Thanks in advance
From: Joel Esler [mailto:jesler at ...1935...]
Sent: Tuesday, February 23, 2010 8:38 PM
Cc: Sharma, Ashish; Snort Users List
Subject: Re: [Snort-users] Archiving Snort logs
On Feb 23, 2010, at 5:21 AM, firnsy wrote:
> On Tue, 2010-02-23 at 08:47 +0000, Sharma, Ashish wrote:
>> Here I want to know, Is the 'Barnyard2' also cleaning up the snort
> No, it doesn't. Barnyard2 is only parsing the snort unified log files.
Although you could save the unified files and read them back into the db at a later time if you wanted to with barnyard2. As for cleaning up the DB, I think there is a script that can clean up the db.
If you Google "snort db cleanup", many sites come up; however, this one popped out at me. Might give it a shot.
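
Added example, not part of the original thread and not code from the Snort or Barnyard2 projects: one way to prune the growing 'snort.log' files unattended. It assumes the files are named snort.log.<unix-epoch> (the timestamp suffix Snort appends when it opens a log file); the function name and its arguments are hypothetical.

```shell
#!/bin/sh
# Prune Snort log files by the epoch suffix in their names.
# Assumption: files are named snort.log.<unix-epoch>.
# The file with the highest suffix is always kept, because Snort may
# still be writing to it even if it was opened long ago.
# Choose KEEP_DAYS longer than any Barnyard2 processing backlog, so
# unprocessed unified files are not deleted.

# prune_snort_logs DIR KEEP_DAYS [NOW_EPOCH]
# Prints the number of files removed. NOW_EPOCH defaults to the
# current time and exists so the cutoff can be pinned when testing.
prune_snort_logs() (
    dir=$1
    keep_days=$2
    now=${3:-$(date +%s)}
    cutoff=$(( now - keep_days * 86400 ))
    newest=0
    removed=0

    # Pass 1: find the newest timestamp among well-formed names.
    for f in "$dir"/snort.log.*; do
        ts=${f##*.}
        case $ts in ''|*[!0-9]*) continue ;; esac   # suffix must be digits
        if [ -L "$f" ] || [ ! -f "$f" ]; then continue; fi
        if [ "$ts" -gt "$newest" ]; then newest=$ts; fi
    done

    # Pass 2: remove files older than the cutoff, except the newest.
    for f in "$dir"/snort.log.*; do
        ts=${f##*.}
        case $ts in ''|*[!0-9]*) continue ;; esac
        # Skip symlinks and non-regular files so only real logs are touched.
        if [ -L "$f" ] || [ ! -f "$f" ]; then continue; fi
        if [ "$ts" -ne "$newest" ] && [ "$ts" -lt "$cutoff" ]; then
            rm -f -- "$f" && removed=$((removed + 1))
        fi
    done

    echo "$removed"
)
```

Called once a day from cron with the Snort log directory and a retention period in days, this needs no admin attention; files whose suffix is not purely numeric (for example compressed archives) are left alone.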