[Snort-users] Changing name and file size limit of ALERT output file

praveen_recker . praveen_recker at ...4543...
Thu Sep 27 09:27:42 EDT 2012


Hi Abhishek,

You can use the logrotate command on Linux, which automatically rotates the
mentioned files based upon your criteria/configuration.

Best Regards,
Praveen Darshanam

On Thu, Sep 27, 2012 at 6:29 PM, Abhishek Sharma <abhisheksharma84 at ...11827...> wrote:

> Hello All,
>
> Apologies if the question is too trivial. I am running snort, let's say on
> a given pcap file using the following command line argument -
>
> snort -c /etc/snort/snort.conf -A fast -l /tmp/ -r ABCDE.pcap
>
> Everything runs fine and I get an alert file in the /tmp directory. My
> question is, that is there a way to -
>
> 1). Change the name of the file being created. Say if I want the file name
> to be alert_myname?
> 2). Is there a way to create multiple alert files based on a given size?
> Say can I restrict it to 100KB? so after every 100KB I get a new alert file
> (without deleting/overwriting the existing)?
>
> Or is the only way out to play around with the code?
>
> Any help is much appreciated.
>
> Many Thanks.
>
> Abhi
>
>
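The logrotate approach suggested in the reply, as an added example that is not part of the original thread: a rule that starts a new alert file once the current one passes 100 KB and keeps the older ones. The file name `/etc/logrotate.d/snort-alert` and the log directory `/var/log/snort` are assumptions; the thread logs to `/tmp/`, which logrotate normally refuses to rotate in because the directory is world-writable.

```conf
# /etc/logrotate.d/snort-alert   (hypothetical file name)
# Assumes Snort is started with "-A fast -l /var/log/snort", so the
# fast-alert output is written to /var/log/snort/alert.
/var/log/snort/alert {
    # Rotate once the file is larger than 100 KB. The size is only
    # checked when logrotate runs, so schedule logrotate often enough
    # (cron or a systemd timer) for the limit to be meaningful.
    size 100k

    # Keep 50 old files (alert.1 ... alert.50) before the oldest is
    # deleted; raise this if alerts must be retained longer.
    rotate 50

    # Snort keeps the alert file open while it runs. copytruncate copies
    # the file and then truncates the original in place, so Snort keeps
    # writing to the same descriptor. Alerts written between the copy
    # and the truncate can be lost.
    copytruncate

    # Do not fail if Snort has not created the file yet, and do not
    # produce empty rotated files.
    missingok
    notifempty

    # Compress rotated files, but leave the most recent one (alert.1)
    # uncompressed so it can still be read directly.
    compress
    delaycompress
}

# Dry run, showing what would be rotated without changing anything:
#   logrotate -d /etc/logrotate.d/snort-alert
```

When Snort reads a pcap with `-r` and exits, as in the question, the rule only takes effect the next time logrotate runs, so the alert file is split between runs rather than during one.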