[Snort-users] Snort and real-time alerting
wkitty42 at ...14940...
Mon May 28 14:40:49 EDT 2012
On 5/28/2012 12:14, Jeronimo L. Cabral wrote:
> Coming back to real-time monitoring of Snort, my Snort generates a lot
> of snort log files under /var/log/snort, they have different names.
> What can I do to monitor Snort if the file name changes ???

what logging type are you using? if those files are what i think they are, they
are actually pcap files and you have an alert file as well... if they are pcap
files only, then you can keep them for some random X time and then delete them
unless you have something else (reporting tools) that might use them if you go
back into history...

mine are named like "snort.log.1279385047" and they range in size due to the
traffic captured for alerts between snort restarts...

so, what are you trying to use to monitor snort via those files??
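
The check this reply describes, as an added example that is not part of the original post: it reads the first four bytes of each `snort.log.<epoch>` file to confirm it is a pcap capture, picks the newest one by the timestamp in its name, and lists captures older than a retention window. The `retention_days` value, the function names, the alert file being named `alert`, and the sample directory are assumptions constructed for illustration.

```python
import os, re, struct, tempfile, time

# Magic numbers at the start of a libpcap capture file (either byte order,
# microsecond or nanosecond timestamps).
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4",
               b"\x4d\x3c\xb2\xa1", b"\xa1\xb2\x3c\x4d"}
NAME_RE = re.compile(r"^snort\.log\.(\d+)$")  # e.g. snort.log.1279385047

def survey(log_dir, retention_days=30, now=None):
    """Classify snort.log.<epoch> files; return (entries, newest, expired)."""
    now = time.time() if now is None else now
    entries = []
    for name in sorted(os.listdir(log_dir)):
        m = NAME_RE.match(name)
        if not m:
            continue  # skips other files, e.g. the alert file
        path = os.path.join(log_dir, name)
        with open(path, "rb") as fh:
            is_pcap = fh.read(4) in PCAP_MAGICS
        entries.append({"name": name, "started": int(m.group(1)),
                        "size": os.path.getsize(path), "pcap": is_pcap})
    entries.sort(key=lambda e: e["started"])
    newest = entries[-1]["name"] if entries else None
    cutoff = now - retention_days * 86400  # hypothetical retention window
    expired = [e["name"] for e in entries if e["pcap"] and e["started"] < cutoff]
    return entries, newest, expired

def build_sample_dir():
    """Constructed sample directory standing in for /var/log/snort."""
    d = tempfile.mkdtemp()
    # 24-byte pcap global header: magic, v2.4, tz, sigfigs, snaplen, linktype
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for epoch in (1279385047, 1338200000):
        with open(os.path.join(d, "snort.log.%d" % epoch), "wb") as fh:
            fh.write(hdr)
    with open(os.path.join(d, "alert"), "w") as fh:  # assumed alert file name
        fh.write("constructed alert text\n")
    return d

if __name__ == "__main__":
    entries, newest, expired = survey(build_sample_dir(), now=1338230449)
    for e in entries:
        print(e)
    print("newest:", newest, "expired:", expired)
```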