Snort mailing list archives
Re: Snort alert when the log reaches 75% full
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 29 Jul 2009 11:30:09 -0400
Yes I am familiar with the STIG. What you need is a disk space monitor that will tell you that. Snort doesn't monitor hard drive space. Also, you should really think about not running Snort on Windows.

J

On Wednesday, July 29, 2009, Livingston, Kevin E Mr CTR USA IMCOM <KEVIN.LIVINGSTON2 () us army mil> wrote:
Thanks for the quick reply J.

Has anyone heard of a DISA STIG? One of these DISA STIGs calls for "NET0386 - FW or IDS must alarm at 75% log capacity". So I was wondering if anyone has had to work with this?

Thanks,
Kevin

-----Original Message-----
From: Joel Esler [mailto:jesler () sourcefire com]
Sent: Wednesday, July 29, 2009 10:05 AM
To: Livingston, Kevin E Mr CTR USA IMCOM
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort alert when the log reaches 75% full

Well, you can't Kevin. What you can do, however, is write to unified and have Snort automatically roll the size of the file over when it gets too big. Snort does not monitor disk space.

J

On Wednesday, July 29, 2009, Livingston, Kevin E Mr CTR USA IMCOM <KEVIN.LIVINGSTON2 () us army mil> wrote:

How can I get snort (on a windows box) to send a syslog message when the log reaches 75% full

Thanks,
Kevin

V/r
Kevin Livingston
Network Engineer
BCTC, Fort Hood, TX
Cell 254-247-7534
"01000011010000110100111001000001"
Tell us how we are doing.

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
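One way to build the disk space monitor the reply above points to, added here as an example and not code from anyone in the thread or from the Snort project. The log directory and the syslog collector address are assumed placeholders, and "log capacity" is taken to mean usage of the volume that holds the log directory.

```python
import logging
import logging.handlers
import shutil
import time

LOG_DIR = r"C:\Snort\log"                    # assumed Snort log directory
SYSLOG_SERVER = ("syslog.example.net", 514)  # placeholder collector (UDP)
THRESHOLD_PCT = 75.0                         # NET0386 figure quoted in the thread


def percent_used(path):
    """Percent of the volume holding `path` that is in use."""
    usage = shutil.disk_usage(path)
    return 100.0 * usage.used / usage.total


def evaluate(pct, alarmed, threshold=THRESHOLD_PCT):
    """Return (new_alarmed, message). message is None when the state did not
    change, so a full volume raises one alarm, not one per polling interval."""
    if pct >= threshold and not alarmed:
        return True, "IDS log volume at %.1f%% (threshold %.0f%%)" % (pct, threshold)
    if pct < threshold and alarmed:
        return False, "IDS log volume back to %.1f%%, below %.0f%%" % (pct, threshold)
    return alarmed, None


def make_syslog_logger(server=SYSLOG_SERVER):
    """Logger that forwards to a remote syslog collector over UDP."""
    logger = logging.getLogger("snort-logspace")
    logger.setLevel(logging.INFO)
    handler = logging.handlers.SysLogHandler(address=server)
    handler.setFormatter(logging.Formatter("snort-logspace: %(message)s"))
    logger.addHandler(handler)
    return logger


def monitor(path=LOG_DIR, interval=300):
    """Poll the log volume and send a syslog message on each state change."""
    logger = make_syslog_logger()
    alarmed = False
    while True:
        alarmed, msg = evaluate(percent_used(path), alarmed)
        if msg:
            # WARNING when the threshold is crossed, INFO when it clears
            logger.log(logging.WARNING if alarmed else logging.INFO, msg)
        time.sleep(interval)


if __name__ == "__main__":
    monitor()
```

Run it as a scheduled task or service on the sensor; Snort itself is not involved, which matches the reply's point that Snort does not monitor disk space.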
Current thread:
- Snort alert when the log reaches 75% full Livingston, Kevin E Mr CTR USA IMCOM (Jul 29)
- Re: Snort alert when the log reaches 75% full Joel Esler (Jul 29)
- Re: Snort alert when the log reaches 75% full Livingston, Kevin E Mr CTR USA IMCOM (Jul 29)
- Re: Snort alert when the log reaches 75% full Joel Esler (Jul 29)
- Re: Snort alert when the log reaches 75% full William Young (Jul 29)
- Re: Snort alert when the log reaches 75% full Martin Hochreiter (Jul 29)
- Re: Snort alert when the log reaches 75% full Livingston, Kevin E Mr CTR USA IMCOM (Jul 29)
- Re: Snort alert when the log reaches 75% full Stephen Mullins (Aug 02)
- Re: Snort alert when the log reaches 75% full Joel Esler (Jul 29)