[Snort-users] Archiving Snort logs

Joel Esler jesler at ...1935...
Wed Feb 24 10:35:11 EST 2010


I used to have a script that monitored the age of the files in the logs
directory and, if they got older than "x" amount of days, moved them to
an archive.  (Just as easily they could be deleted.)

J

On Wed, Feb 24, 2010 at 10:20 AM, Sharma, Ashish <ashish.sharma3 at ...6440...> wrote:

> Joel,
>
> Ok I got the point.
>
> There are plenty of approaches to archive DB files.
>
> Here I want to know how I can automatically clean up 'snort.log' files that
> keep on growing in a production system without much admin interference.
>
> Thanks in advance
> Ashish Sharma
>
> -----Original Message-----
> From: Joel Esler [mailto:jesler at ...1935...]
> Sent: Tuesday, February 23, 2010 8:38 PM
> To: firnsy
> Cc: Sharma, Ashish; Snort Users List
> Subject: Re: [Snort-users] Archiving Snort logs
>
> On Feb 23, 2010, at 5:21 AM, firnsy wrote:
>
> > On Tue, 2010-02-23 at 08:47 +0000, Sharma, Ashish wrote:
> >
> >> Here I want to know, Is the 'Barnyard2' also cleaning up the snort
> >> logs?
> >>
> >
> > No, it doesn't. Barnyard2 is only parsing the snort unified log files.
>
> Although you could save the unified files and read them back into the db at
> a later time if you wanted to with barnyard2.  As for cleaning up the DB, I
> think there is a script that can clean up the db.
>
> If you Google "snort db cleanup" many sites come up, however, this one
> popped out at me.  Might give it a shot.
>
> http://www.perlmonks.org/?node_id=247926
>
>
> --
> Joel Esler
> 302-223-5974


-- 
Joel Esler
302-223-5974
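
The message above describes an age-based archiving script without showing it. What follows is an added example, not the script Joel refers to; it assumes the log files are named snort.log.<timestamp>, that gzip is available, and the function name, directories and threshold are hypothetical.

```shell
#!/bin/sh
# Added example, not the script mentioned in the thread.
# Assumptions: logs are named snort.log.<timestamp> in a single directory;
# the directories and the age threshold are supplied by the caller.

# archive_old_logs LOG_DIR ARCHIVE_DIR MAX_AGE_DAYS
# Moves snort.log.* files older than MAX_AGE_DAYS into ARCHIVE_DIR, gzips
# them there, and prints how many files were archived.
# Runs in a subshell "( ... )" so its variables do not leak to the caller.
archive_old_logs() (
    log_dir=$1; archive_dir=$2; max_age=$3

    # Reject a missing or non-numeric age rather than passing it to find.
    case $max_age in ''|*[!0-9]*) echo "bad age: '$max_age'" >&2; exit 2 ;; esac
    [ -d "$log_dir" ] || { echo "no such directory: $log_dir" >&2; exit 2; }
    mkdir -p -- "$archive_dir" || exit 2

    # The most recently modified file is the one Snort is probably still
    # writing, so it is never moved, whatever its age.
    newest=$(ls -t -- "$log_dir"/snort.log.* 2>/dev/null | head -n 1)

    count=0
    for f in "$log_dir"/snort.log.*; do
        # Regular files only: skips an unmatched glob, directories, symlinks.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        [ "$f" = "$newest" ] && continue
        # find prints the path only if it was modified more than max_age
        # whole 24-hour periods ago.
        [ -n "$(find "$f" -prune -mtime +"$max_age")" ] || continue
        name=${f##*/}
        mv -- "$f" "$archive_dir/$name" &&
            gzip -f -- "$archive_dir/$name" &&
            count=$((count + 1))
    done
    echo "$count"
)

# Typical cron use (paths and 30 days are placeholders):
#   archive_old_logs /var/log/snort /var/log/snort-archive 30
```

If barnyard2 is reading the same unified files, choose a threshold longer than any backlog it might still have to process.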