faculaganymede

Snare Linux - events log file location??

Hi All, Does anyone have experience using Snare in Linux? I believe by default the snare.conf file is set up so Snare writes the events log data to an output file called "Snare-Audit-Log". At least this is what's in my snare.conf file. However, there's no directory path associated with "Snare-Audit-Log", and I couldn't seem to find this file on the computer. Does anyone know where "Snare-Audit-Log" is located? It's extremely important that I find this file. Thanks in advance for your help!

Hi there! I found it, it's in "/" (don't know why File Search didn't find it before).

However, the file only contains events for the last couple of days? I don't see any parameter in the Snare configuration file that limits the event log file size, time, etc. Why does it only contain the events for a few days? What parameter needs to be changed in order to save the events indefinitely? Anyone?

The same applies to the system log files in my Linux. I'm only able to view the recent log info. Does anyone know what parameters I need to change in the operating system to save log data indefinitely? Thanks very much in advance!

[Edited by - faculaganymede on September 21, 2008 6:29:40 PM]

I didn't catch which distribution you were using, but most will include a utility to "rotate" your logs. If you look in /var/log and notice, for instance, messages, messages.0, and messages.1.gz (or something along those lines), that's likely what's happening. Try "man logrotate" and see if it pulls anything up.

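The rotation the reply above describes is usually driven by a stanza in /etc/logrotate.conf or /etc/logrotate.d/, and the distro-wide default in /etc/logrotate.conf on many distributions is "weekly" with "rotate 4", which is exactly why only a few recent archives survive. The following is an added example, not code from the thread or from the Snare project: a small shell script that writes a long-retention logrotate stanza for the Snare audit log and then dry-runs logrotate against it. It assumes the log really lives at /Snare-Audit-Log (the path the poster reported), that Snare keeps the file open so "copytruncate" is needed for it to keep writing after rotation, and that a retention of 3650 daily archives is acceptable for the disk available; adjust the path and count to match your snare.conf and storage.

```shell
#!/bin/sh
# Added example (not from the thread or from Snare): a logrotate policy that
# keeps the Snare audit log for a long time instead of discarding it after a
# handful of rotations, plus a dry run to confirm the stanza parses.
# Assumptions: the log is /Snare-Audit-Log as found by the poster, Snare holds
# the file open (hence copytruncate), and ~10 years of daily archives fit.

# Write the retention policy for the Snare audit log into $1 and echo the path.
write_snare_logrotate_conf() {
    cfg="$1"
    cat > "$cfg" <<'EOF'
# Retention policy for the Snare audit log (path as reported in the thread).
# logrotate comments must sit on their own line, so directives are explained above each one.
/Snare-Audit-Log {
    # Rotate once a day rather than weekly.
    daily
    # Keep 3650 archives (about ten years). The distro default in
    # /etc/logrotate.conf is commonly "rotate 4", i.e. four weeks.
    rotate 3650
    # Name archives by date (Snare-Audit-Log-20080921) instead of .1, .2, ...
    dateext
    # gzip rotated files; leave the newest one uncompressed for quick reading.
    compress
    delaycompress
    # Do not fail if the file is absent, and skip rotation when nothing was logged.
    missingok
    notifempty
    # Copy then truncate in place so Snare keeps writing to the same open
    # file descriptor without a restart (assumed behaviour of the agent).
    copytruncate
}
EOF
    echo "$cfg"
}

# Dry-run logrotate against the config in $1 using the state file in $2.
# -d parses the config and reports what it would do without touching any log.
# Returns logrotate's exit status, or 0 with a note if logrotate is not installed.
check_logrotate_conf() {
    cfg="$1"
    state="$2"
    if command -v logrotate >/dev/null 2>&1; then
        logrotate -d -s "$state" "$cfg"
    else
        echo "logrotate not installed; config written to $cfg" >&2
        return 0
    fi
}
```

To use it, source the script, call write_snare_logrotate_conf with a path such as /etc/logrotate.d/snare, run check_logrotate_conf against it with the real state file (commonly /var/lib/logrotate/status), and only then let the daily cron or timer job pick it up. The same pattern applies to the system logs the poster asked about: the stanzas in /etc/logrotate.d/ for syslog or rsyslog carry their own "rotate" count, and raising it there is what extends retention of /var/log/messages and friends.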