[Snort-users] Archiving Snort logs

justin joseph justinjoseph007 at ...11827...
Thu Feb 25 05:51:12 EST 2010


On Wed, Feb 24, 2010 at 8:50 PM, Sharma, Ashish <ashish.sharma3 at ...6440...> wrote:

> Joel,
>
> Ok I got the point.
>
> There are plenty of approaches to archive DB files.
>
> Here I want to know how I can clean up 'snort.log' files automatically that
> keep on growing in a production system without much admin interference.
>

http://linuxcommand.org/man_pages/logrotate8.html


>
> Thanks in advance
> Ashish Sharma
>
> -----Original Message-----
> From: Joel Esler [mailto:jesler at ...1935...]
> Sent: Tuesday, February 23, 2010 8:38 PM
> To: firnsy
> Cc: Sharma, Ashish; Snort Users List
> Subject: Re: [Snort-users] Archiving Snort logs
>
> On Feb 23, 2010, at 5:21 AM, firnsy wrote:
>
> > On Tue, 2010-02-23 at 08:47 +0000, Sharma, Ashish wrote:
> >
> >> Here I want to know, Is the 'Barnyard2' also cleaning up the snort
> >> logs?
> >>
> >
> > No, it doesn't. Barnyard2 is only parsing the snort unified log files.
>
> Although you could save the unified files and read them back into the db at
> a later time if you wanted to with barnyard2.  As for cleaning up the DB, I
> think there is a script that can clean up the db.
>
> If you Google "snort db cleanup" many sites come up, however, this one
> popped out at me.  Might give it a shot.
>
> http://www.perlmonks.org/?node_id=247926
>
>
> --
> Joel Esler
> 302-223-5974
>


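An added example, not part of the thread or of any poster's setup: age-based pruning as a complement to the logrotate pointer above. It assumes Snort's binary logs sit in one directory under names of the form `snort.log.<suffix>`, and that the most recently modified one is still being written; the function name, script name, directory and retention period are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): age-based pruning of Snort binary logs.
# Assumptions: logs live in one directory and are named snort.log.<suffix>;
# the most recently modified one is the file Snort is still writing.

prune_snort_logs() {
    log_dir=$1
    keep_days=$2

    [ -d "$log_dir" ] || { echo "not a directory: $log_dir" >&2; return 2; }
    case $keep_days in
        ''|*[!0-9]*) echo "keep_days must be a whole number" >&2; return 2 ;;
    esac

    # Find the newest log so it is never deleted, however old it is.
    newest=
    for f in "$log_dir"/snort.log.*; do
        # Regular files only; skip symlinks and an unmatched glob.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
            newest=$f
        fi
    done
    [ -n "$newest" ] || return 0    # nothing to prune

    # -maxdepth 1: stay in the log directory.
    # -type f: regular files only, so a planted symlink is not acted on.
    # -mtime +N: last modified more than N whole days ago.
    # Deleted paths are printed so a cron mail or log keeps a record.
    find "$log_dir" -maxdepth 1 -type f -name 'snort.log.*' \
        -mtime +"$keep_days" ! -samefile "$newest" -print -delete
}

# Run only when arguments are given, e.g. from a daily cron job:
#   prune_snort_logs.sh /var/log/snort 14
[ $# -eq 0 ] || prune_snort_logs "$@"
```

Archive or copy files off the sensor before the retention window closes if they may be needed for later investigation; the function only deletes.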