Snort mailing list archives
RE: log rotation scripts?
From: "Jason Smith" <jsmith () firstcellular com>
Date: Wed, 1 Aug 2001 16:50:08 -0500
If you are using RedHat 7.1 use the logrotate program. It is already set up
to run in cron. All I've done is create /etc/logrotate.d/snort with these
two entries in it:
/var/log/snort/alert {
    rotate 4
    errors root
    mail email@.com
    mailfirst
}
/var/log/snort/portscan.log {
    rotate 4
    errors root
    mail email@.com
    mailfirst
}
And I've added /etc/cron.daily/snort.cron
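#!/bin/bash
# Stop the running Snort instance using its PID file
kill `cat /var/run/snort_eth0.pid`
# Start Snort again as a daemon so it opens fresh log files
/usr/local/bin/snort -A fast -bs -u snort -g snort -c /etc/snort/snort.conf -D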
Nothing very fancy but it rotates my portscan.log and alert file once a week
and keeps 4 weeks' worth. It also starts a new binary log file every day.
The only problem I've seen is that I don't get the emails from the logrotate
file, and I'm not sure why. (Not terribly important though).
Hope this helps. If you have any questions just let me know.
Jason
-----Original Message-----
From: Migus, Adam [mailto:Adam_Migus () NAI com]
Sent: Wednesday, August 01, 2001 3:41 PM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] log rotation scripts?
I'm sure this question has been asked many different ways many times before
but here I go again. Does anyone have any snort log rotation scripts they
are rather fond of and wouldn't mind giving away? Something suitable for
rotating weekly and back saving a few months would be nice. Thanks.
Adam
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
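Added example, not part of the original thread: the setup above depends on Snort being restarted after logrotate renames its files, otherwise the sensor keeps writing to the rotated copy. This check reads a process's open descriptors to catch that; the function name, the PROC_ROOT argument and the --check switch are assumptions made for illustration, while the PID file and alert path are the ones from the post.

```bash
#!/bin/bash
# Added example, not from the original post. After logrotate renames the alert
# file, a Snort process that was never restarted keeps writing to the renamed
# (or deleted) inode. This inspects a PID's open descriptors to catch that.

# stale_log_targets PID LOGFILE [PROC_ROOT]
# PROC_ROOT (default /proc) is an assumption added so the logic can be tested.
# Returns 0: LOGFILE is open and no rotated copy is.
#         1: a rotated or deleted copy of LOGFILE is still open.
#         2: the process is missing, or LOGFILE is not open at all.
stale_log_targets() {
    local pid="$1" logfile="$2" proc_root="${3:-/proc}"
    local fd target live=0 stale=0
    [ -d "$proc_root/$pid/fd" ] || { echo "no such process: $pid"; return 2; }
    for fd in "$proc_root/$pid/fd"/*; do
        target=$(readlink "$fd") || continue
        case "$target" in
            "$logfile") live=1 ;;
            "$logfile".*|"$logfile (deleted)")
                echo "stale: fd ${fd##*/} -> $target"; stale=1 ;;
        esac
    done
    [ "$stale" -eq 1 ] && return 1
    [ "$live" -eq 1 ] || { echo "not open: $logfile"; return 2; }
    return 0
}

# Constructed sample: a fake /proc tree in which PID 4242 still holds alert.1
# after rotation, next to an unrelated portscan.log descriptor.
demo_stale() {
    local root rc=0
    root=$(mktemp -d)
    mkdir -p "$root/4242/fd"
    ln -s /var/log/snort/alert.1 "$root/4242/fd/3"
    ln -s /var/log/snort/portscan.log "$root/4242/fd/4"
    stale_log_targets 4242 /var/log/snort/alert "$root" || rc=$?
    rm -rf "$root"
    return "$rc"
}

# On the sensor itself (as root), run with --check after the nightly cron jobs.
if [ "${1:-}" = "--check" ]; then
    stale_log_targets "$(cat /var/run/snort_eth0.pid)" /var/log/snort/alert
fi
```

A non-zero exit after rotation means alerts are going somewhere other than the live file, which is worth alerting on in its own right.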
