Re: [Snort-users] Archiving Snort logs

On Feb 23, 2010, at 5:21 AM, firnsy wrote:

> On Tue, 2010-02-23 at 08:47 +0000, Sharma, Ashish wrote:
>
>> Here I want to know, Is the ‘Barnyard2’ also cleaning up the snort >> logs? >>
>
> No, it doesn't. Barnyard2 is only parsing the snort unified log files.

Although you could save the unified files and read them back into the db at a later time if you wanted to with barnyard2. As for cleaning up the DB, I think there is a script that can clean up the db.

If you Google "snort db cleanup" many sites come up, however, this one popped out at me. Might give it a shot.

http://www.perlmonks.org/?node_id=247926 -- Joel Esler 302-223-5974 ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users

• This message: [ Message body ]
• Next message: Rob Dixon: "[Snort-users] Libnet errors"
• Previous message: Seth Art: "Re: [Snort-users] Unable to run Snort in IPS mode"
• In reply to: firnsy: "Re: [Snort-users] Archiving Snort logs"
• Next in thread: Sharma, Ashish: "Re: [Snort-users] Archiving Snort logs"
• Reply: Sharma, Ashish: "Re: [Snort-users] Archiving Snort logs"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]