[Emerging-Sigs] U2 Filesystem, Log Rotation, and Cleanup

Korodev korodev at gmail.com
Thu Oct 13 10:02:39 EDT 2011

Taking some time to re-evaluate some processes in my FreeBSD lab
sensor running Snort and BY2, and a few questions popped up, so I thought
I'd see if anyone had some feedback:

1. I'm looking at moving my unified2 spooling to a memory disk
filesystem. Has anyone seen any real improvements doing this?

2. What is the best general practice for dealing with U2 log rotation
and cleanup? Are you guys storing your U2 files for later processing
and analysis?

