Snort mailing list archives
Re: Hey, how could i delete the alert log cuz /var is full
From: Matt Kettler <mkettler () evi-inc com>
Date: Fri, 16 Jan 2004 10:30:21 -0500
In your situation, I'd copy it to a volume with space and just gzip it so it's smaller.
Then to prevent the problem in the future set up logrotate, or some other log management tool so that your alert file gets rotated once a week or so.
Most Linux boxes already have logrotate going, so you can just edit your logrotate.conf and tell it to rotate "/var/log/snort/alert" along with the others. Have it send a SIGHUP to snort as a postrotate event.
At 03:24 AM 1/16/2004, soldier Mx wrote:
Hey, yeah, my /var is full because the alert log is generating a lot of them. How could I delete some of them, like the last 5 days of the alert log? I want just one week to log, and then to delete the last lines, because the log is so big.

-rw-rw-rw- 1 root root 400818176 Jan 15 10:27 alert
-rw------- 1 root root 1941614 Jan 15 08:26 portscan.log
-rw------- 1 root root 2733688 Jan 13 18:30 scan.log
-rw------- 1 root root 170665 Oct 29 23:51 snort.log.1067492961

So I don't know what to do. Thanks! I'd like to delete the last logs, but not the newest logs, since 5 days to now.
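The two steps from the reply above (archive the oversized alert file to a volume with space, then let logrotate rotate it weekly and SIGHUP snort) as an added shell sketch; this is not code from the thread. The function names, the `rotate 1` retention, the `create 0600 root root` mode and the use of `pkill` to deliver the SIGHUP are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread. Function names are hypothetical.

# archive_alert SRC DESTDIR
# Copy SRC to DESTDIR (a volume with free space), gzip the copy, verify the
# archive, and only then empty SRC. Prints the archive path on success.
archive_alert() {
    src=$1
    destdir=$2
    [ -f "$src" ] || { echo "no such file: $src" >&2; return 1; }
    [ -d "$destdir" ] || { echo "no such directory: $destdir" >&2; return 1; }
    out="$destdir/$(basename "$src").$(date +%Y%m%d%H%M%S)"
    cp "$src" "$out" || return 1
    chmod 600 "$out" || return 1      # alerts are sensitive: owner-only archive
    gzip -9 "$out" || return 1
    # Leave the original untouched unless the archive passes an integrity test.
    gzip -t "$out.gz" || return 1
    # Truncate instead of rm: a deleted file that a running process still holds
    # open keeps its disk blocks until that process reopens its logs.
    # Alerts written between the copy and this line are lost.
    : > "$src"
    echo "$out.gz"
}

# snort_logrotate_stanza
# Print a logrotate stanza for the alert file named in the reply.
snort_logrotate_stanza() {
    cat <<'EOF'
/var/log/snort/alert {
    weekly
    # assumed retention: one old week kept next to the live file
    rotate 1
    compress
    missingok
    notifempty
    # assumed owner and mode for the new file (the listing shows the
    # current alert file as world-writable)
    create 0600 root root
    postrotate
        # assumed way to find the process; a pid file works as well
        pkill -HUP -x snort || true
    endscript
}
EOF
}
```

The stanza can be appended to logrotate.conf as the reply suggests, and checked without rotating anything by running logrotate with its `-d` debug flag.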