[Snort-users] Archiving Snort logs
pschmehl_lists at ...14358...
Thu Feb 25 00:12:02 EST 2010
Not trying to be a smartass, but you have heard of syslog, right?
vi /etc/newsyslog.conf and add
/var/log/snort/snort.u2.* 660 100 * @T00 BG /var/run/snort/snort_eth0.pid
Please don't copy the example. Read the man page.
--On February 24, 2010 3:20:18 PM +0000 "Sharma, Ashish"
<ashish.sharma3 at ...6440...> wrote:
> Ok I got the point.
> There are plenty of approaches to archive DB files.
> Here I want to know how I can clean up 'snort.log' files automatically
> that keep on growing in a production system without much admin
> Thanks in advance
> Ashish Sharma
> -----Original Message-----
> From: Joel Esler [mailto:jesler at ...1935...]
> Sent: Tuesday, February 23, 2010 8:38 PM
> To: firnsy
> Cc: Sharma, Ashish; Snort Users List
> Subject: Re: [Snort-users] Archiving Snort logs
> On Feb 23, 2010, at 5:21 AM, firnsy wrote:
>> On Tue, 2010-02-23 at 08:47 +0000, Sharma, Ashish wrote:
>>> Here I want to know, Is the 'Barnyard2' also cleaning up the snort
>> No, it doesn't. Barnyard2 is only parsing the snort unified log files.
> Although you could save the unified files and read them back into the db
> at a later time if you wanted to with barnyard2. As for cleaning up the
> DB, I think there is a script that can clean up the db.
> If you Google "snort db cleanup" many sites come up, however, this one
> popped out at me. Might give it a shot.
> Joel Esler
Paul Schmehl, If it isn't already
obvious, my opinions are my own
and not those of my employer.
WARNING: Check the headers before replying
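
An added example, not part of the original messages or of Snort itself: a retention script for the timestamped 'snort.log' files asked about in the quoted question. It assumes the files are named snort.log.<epoch> (the prefix is a parameter); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: prune Snort's timestamped log files (PREFIX.<epoch>),
# keeping only the newest KEEP files. The naming scheme and function
# names are assumptions; adjust them to the sensor's configuration.

# list_snort_logs DIR PREFIX
# Print "epoch path" for every file named PREFIX.<digits>, oldest first.
# Ordering uses the epoch in the name, not mtime, so a touched or
# restored file does not change which logs count as old.
list_snort_logs() {
    dir=$1 prefix=$2
    for f in "$dir"/"$prefix".*; do
        [ -f "$f" ] || continue
        suffix=${f##*.}
        case $suffix in
            ''|*[!0-9]*) continue ;;  # skip .gz, .bak and similar
        esac
        printf '%s %s\n' "$suffix" "$f"
    done | sort -n
}

# prune_snort_logs DIR KEEP [PREFIX]
# Delete all but the KEEP newest files and print how many were removed.
# KEEP must be >= 1, so the newest file (the one Snort is still writing)
# is never deleted.
prune_snort_logs() {
    dir=$1 keep=$2 prefix=${3:-snort.log}
    case $keep in
        ''|*[!0-9]*|0*)
            echo "KEEP must be a positive integer" >&2
            return 2 ;;
    esac
    total=$(list_snort_logs "$dir" "$prefix" | wc -l)
    excess=$((total - keep))
    [ "$excess" -gt 0 ] || { echo 0; return 0; }
    list_snort_logs "$dir" "$prefix" | head -n "$excess" | cut -d' ' -f2- |
    while IFS= read -r path; do
        rm -f -- "$path"
    done
    echo "$excess"
}
```

Called from cron as, for example, prune_snort_logs /var/log/snort 100 snort.u2 to cap unified2 files, provided whatever reads them (such as barnyard2) has already processed the files being removed.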