create a simple script such as this
Code:
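#!/bin/sh
# cleanup - free disk space by wiping the Snort logs and the syslog
# "messages" file, then recreating an empty Snort log directory.
#
# NOTE(review): everything removed here is gone for good. Snort alerts and
# firewall/syslog records are what an incident investigation relies on, so
# where that matters rotate or archive them (for example with logrotate and
# a retention period) instead of deleting them.
#
# Run as root. restartsnort is an external command and must be on PATH.

snort_dir=/var/log/snort

# Firewall log: truncate in place. ':' writes nothing, so the file is left
# empty instead of holding the blank line that 'echo >' would put there.
: > /var/log/messages ||
  echo "warning: could not truncate /var/log/messages" >&2

# Old firewall logs.
rm -f /var/log/messages.*

# Snort: remove the whole log directory. That already covers the *.*.*.*
# entries and the old alert.* files, so they need no separate rm.
# ${var:?} aborts instead of running 'rm -rf' on an empty path.
rm -rf "${snort_dir:?}" || {
  echo "error: could not remove $snort_dir" >&2
  exit 1
}

# Recreate the directory and the two log files, then hand them to snort.
mkdir "$snort_dir" || {
  echo "error: could not create $snort_dir" >&2
  exit 1
}
: > "$snort_dir/alert"
: > "$snort_dir/portscan.log"
# NOTE(review): 664 leaves both logs readable by every local user. Tighten
# the mode (e.g. 660) if nothing outside the snort user/group reads them.
chmod 664 "$snort_dir/alert" "$snort_dir/portscan.log"
chown -R snort:snort "$snort_dir"

# Restart Snort now that the files it writes to have been replaced.
restartsnort

echo -----------------------------
ls -al "$snort_dir"/
echo -----------------------------
echo Logs are all cleared.
echo if you see /var/log/snort/alert or
echo /var/log/snort/portscan.log still belonging to root then manually chown them
echo -----------------------------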
echo all done.
then make it executable
Code:
chmod +x cleanup
then add it as a cron job if you wish, or run it manually when the logs start filling up your hard disc (and they will...)
thats it !
cheers
anyweb

 
 

 

