Review your favorite Linux distribution.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 05-26-2004, 03:41 PM   #1
LQ Newbie
Registered: May 2004
Posts: 1

Rep: Reputation: 0
Snort log rotation suggestions


I run snort on my NIDS and I want to be able to rotate these log files every 3 months so I don't have extremely stale logs laying around. I already have a method to permanently back them up, so this is just to keep the directory coherent.

Snort logs are saved in /var/log/snort. This is what the contents of the directory lok like.

/var/log/snort contents:

(ip) (ip) (ip) alert
Old 05-26-2004, 10:23 PM   #2
Senior Member
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Have you tried just using logrotate? Just create a file in the /etc/logrotate.d/ directory (you can name it snort). Then depending on what you want to do (check the logrotate man page), you can write a small script to handle the rotation. You can set it up to compress the alert file, move it to an archive, then wipe the contents of /var/log/snort, then make a new alert file and restart snort. Using the postrotate option to execute those commands as sort of a "mini-script" works well.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
How to resolve log rotation error? sdebiasio Linux - Newbie 4 09-08-2004 02:48 AM
Webalizer With Log Rotation dmedici Linux - Software 0 08-17-2004 09:06 AM
manual log rotation will103 Linux - Newbie 2 04-20-2004 02:20 AM
disable log rotation in site krishn Linux - General 1 07-28-2003 07:53 AM
Log rotation - NewB nrastogi Linux - Software 1 02-12-2003 10:44 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:03 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration