[Snort-users] Snort and real-time alerting

waldo kitty wkitty42 at ...14940...
Mon May 28 14:40:49 EDT 2012


On 5/28/2012 12:14, Jeronimo L. Cabral wrote:
> Coming back to real-time monitoring of Snort, my Snort generates a lot
> of snort log files under /var/log/snort, they have different names.
>
> What can I do to monitor Snort if the file name changes ???

what logging type are you using? if those files are what i think they are, they 
are actually pcap files and you have an alert file as well... if they are pcap 
files only, then you can keep them for some random X time and then delete them 
unless you have something else (reporting tools) that might use them if you go 
back into history...

mine are named like "snort.log.1279385047" and they range in size due to the 
traffic captured for alerts between snort restarts...

so, what are you trying to use to monitor snort via those files??
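
An added example, not part of the original message: a Python sketch that splits a Snort log directory into timestamp-named pcap captures (the `snort.log.<epoch>` naming quoted above) and everything else, such as the alert file, then lists captures that are past a retention window. The function names, the 30-day retention and the rule of never expiring the newest capture are assumptions made for this illustration.

```python
import os
import re
import time

# pcap global-header magic in either byte order (microsecond and nanosecond variants)
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4",
    b"\x4d\x3c\xb2\xa1", b"\xa1\xb2\x3c\x4d",
}
# File name pattern taken from the message: snort.log.<unix epoch>
NAME_RE = re.compile(r"^snort\.log\.(\d+)$")


def classify(log_dir):
    """Return (pcaps, others); pcaps is a sorted list of (epoch, path)."""
    pcaps, others = [], []
    for name in sorted(os.listdir(log_dir)):
        path = os.path.join(log_dir, name)
        if not os.path.isfile(path):
            continue
        with open(path, "rb") as fh:
            magic = fh.read(4)
        m = NAME_RE.match(name)
        # Require both the name pattern and the pcap magic, so a renamed
        # text file is not mistaken for a capture.
        if m and magic in PCAP_MAGICS:
            pcaps.append((int(m.group(1)), path))
        else:
            others.append(path)  # e.g. the text alert file
    return sorted(pcaps), others


def expired(pcaps, max_age_days, now=None):
    """Paths of captures whose name timestamp is older than the retention window.

    Assumption: the newest capture is never returned, because a running
    Snort may still be writing to it.
    """
    now = time.time() if now is None else now
    cutoff = now - max_age_days * 86400
    return [path for epoch, path in pcaps[:-1] if epoch < cutoff]


if __name__ == "__main__":
    pcaps, others = classify("/var/log/snort")  # directory from the question
    print("fixed-name files to monitor:", others)
    for path in expired(pcaps, max_age_days=30):  # 30 days is an assumed value
        print("past retention:", path)
```

The script only reports candidates; deleting them is left to the operator once any reporting tools that read the captures have been accounted for.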




