Snort mailing list archives

Rotate barnyard files?

From: ausec () athabascau ca
Date: Tue, 09 Sep 2003 13:58:10 -0600 (MDT)

I'm running two barnyards to process alerts and logs. From my snort.conf:

output alert_unified: filename snort.alert, limit 128
output log_unified: filename snort.log, limit 128

My snort log directory is filling up with files like these (ie. there are
multiple snort.alert.* and snort.log.* files):

snort.alert.1063135489
snort.log.1063135489

Does that mean barnyard is getting behind processing the log and alert
files? Should I be rotating or deleting them? How do I know when barnyard
is done with a file...?

Thanks,
Ausec.



__ 
    This communication is intended for the use of the recipient to whom it
    is addressed, and may contain confidential, personal, and or privileged
    information. Please contact us immediately if you are not the intended
    recipient of this communication, and do not copy, distribute, or take
    action relying on it. Any communications received in error, or
    subsequent reply, should be deleted or destroyed.
---


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Red Hat 9 Falvo, Jose Luis - (Arg) (Sep 09)
- Rotate barnyard files? ausec (Sep 09)
- Re: Red Hat 9 Andy Cuff [talisker] (Sep 10)
  - Starting Barnyard w/SQL out and no SQL server? Gordon Cunningham (Sep 10)
- <Possible follow-ups>
- RE: Red Hat 9 Chip Upsal (Sep 09)