Snort mailing list archives

RE: Old unified log files

From: "Kolanovic, Tomislav/Human Resources" <KolanovT () mskcc org>
Date: Mon, 18 Jul 2005 16:17:25 -0400

Hi,

Didn't work as expected. Used the archive option, but when a new spool
was created, the old one failed to archive, with the error "/dev/null"
is not a directory. Yet, I can manually move the file to /dev/null and
it deletes it fine...

Couldn't find a comparable program for newsyslog on Suse (9.1).

What does everyone else do with there old unified log files, after
barnyard already read them?

Thanks

-----Original Message-----
From: Kolanovic, Tomislav/Human Resources 
Sent: Friday, July 15, 2005 3:27 PM
To: 'SRH-Lists'; 'snort-users () lists sourceforge net'
Subject: RE: [Snort-users] Old unified log files

Thanks, that makes perfect sense. Forgot about the /dev/null dir.

Also wasn't aware of the newsyslog.conf ... Read up on it, thanks for
the info.

Tom

-----Original Message-----
From: Steve Halligan [mailto:shalligan () techiesoutsourcedit com] On
Behalf Of SRH-Lists
Sent: Friday, July 15, 2005 12:49 PM
To: Kolanovic, Tomislav/Human Resources;
snort-users () lists sourceforge net
Subject: RE: [Snort-users] Old unified log files

      Is there an automated way to delete the old unified log files

after

barnyard is done with them?
I don't think they are needed for anything, are they?


See the -a option of barnyard.  It will move the completed files to
another directory.  That directory can be /dev/null IIRC.




 
     =====================================================================
     
     Please note that this e-mail and any files transmitted with it may be 
     privileged, confidential, and protected from disclosure under 
     applicable law. If the reader of this message is not the intended 
     recipient, or an employee or agent responsible for delivering this 
     message to the intended recipient, you are hereby notified that any 
     reading, dissemination, distribution, copying, or other use of this 
     communication or any of its attachments is strictly prohibited.  If 
     you have received this communication in error, please notify the 
     sender immediately by replying to this message and deleting this 
     message, any attachments, and all copies and backups from your 
     computer.



-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id492&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Old unified log files Kolanovic, Tomislav/Human Resources (Jul 15)
- Re: Old unified log files Paul Schmehl (Jul 15)
- <Possible follow-ups>
- RE: Old unified log files Kolanovic, Tomislav/Human Resources (Jul 15)
- RE: Old unified log files SRH-Lists (Jul 18)
- RE: Old unified log files Kolanovic, Tomislav/Human Resources (Jul 18)