[Snort-users] Archiving Snort logs

Alex Tatistcheff alex.tatistcheff at ...11827...
Thu Feb 25 00:28:58 EST 2010


Barnyard2 has the option:

-a <dir>   Archive processed files to <dir>

I suppose you could move them to /dev/null (maybe), or at least once they're
moved to the archive folder you specify, you know you can clean them up with
a cron job or the like.

Alex Tatistcheff
alext at ...492...




On Tue, Feb 23, 2010 at 1:47 AM, Sharma, Ashish <ashish.sharma3 at ...6440...> wrote:

> Hi,
>
> I have configured the latest Snort build in IDS mode with ‘BASE’ and
> ‘Barnyard2’.
>
> What I understand from here is that ‘Snort’ generates the log in binary
> form, ‘Barnyard2’ parses them and puts the log messages in the mysql DB, then
> ‘Base’ is used to check out the logs in a web interface. Am I right?
>
> Here I want to know, is ‘Barnyard2’ also cleaning up the Snort logs?
>
> If not, how could I archive the Snort logs efficiently? Is there any
> automated solution for this?
>
> Also, what is an efficient strategy for dealing with Snort log archiving?
>
> Please help
>
> Thanks in advance
>
> Ashish Sharma
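The cron cleanup suggested in the reply above, as an added example that is not part of the original thread or of Barnyard2 itself: a shell function that compresses aged files in the `-a` archive directory and deletes them once a retention window has passed. The `snort.u2` filename prefix, the example path and the day counts are assumptions; the prefix depends on the unified2 output setting in snort.conf.

```shell
#!/bin/sh
# Retention for a Barnyard2 archive directory (the <dir> given to -a).
# Assumptions: spool files are named snort.u2.<epoch> (set by the
# "output unified2: filename ..." line in snort.conf); find supports -maxdepth.

prune_archive() {
    dir=$1            # archive directory passed to barnyard2 -a
    gzip_days=$2      # compress files not modified for more than this many days
    delete_days=$3    # delete compressed files older than this many days
    prefix=${4:-snort.u2}

    # Refuse anything that is not a real directory: a symlink here could
    # point a root cron job at files somewhere else.
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "prune_archive: $dir is not a plain directory" >&2
        return 1
    fi
    if [ "$delete_days" -le "$gzip_days" ]; then
        echo "prune_archive: delete_days must exceed gzip_days" >&2
        return 1
    fi

    # Stage 1: compress aged spool files. -maxdepth 1 and -type f keep find
    # out of subdirectories and away from symlinks.
    find "$dir" -maxdepth 1 -type f -name "$prefix.*" ! -name '*.gz' \
        -mtime +"$gzip_days" -exec gzip -9 {} \;

    # Stage 2: delete compressed files past the retention window.
    # gzip keeps the original mtime, so age is still measured from the
    # last time Snort wrote the file.
    find "$dir" -maxdepth 1 -type f -name "$prefix.*.gz" \
        -mtime +"$delete_days" -exec rm -f {} \;
}

# Example daily cron use: prune-archive.sh /var/log/snort/archive 7 90
if [ "$#" -ge 3 ]; then
    prune_archive "$@"
fi
```

Pick the delete window to match how long raw alert data must stay available for investigations, since the database rows alone do not replace the original unified2 files.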