RE: >2Gb capture files

["Mayers, Philip J" <p.mayers () ic ac uk>]

On the other hand - Syslog-NG has a *great* tool:

file("/path/to/logs/$YEAR/$MONTH-$DAY.log");

I don't know how easy that would be to implement in snort, but it's a
*wonderful* tool - presumably you'd need an addtional command line option
"append to existing binary files" for it to be totally robust.

Regards, 
Phil 

+----------------------------------+ 
| Phil Mayers, Network Support     | 
| Centre for Computing Services    | 
| Imperial College                 | 
+----------------------------------+ 


-----Original Message-----
From: Martin Roesch [mailto:roesch () sourcefire com]
Sent: 06 July 2001 19:46
To: Clausing, James A (Jim), SOBUS
Cc: Shriman Gurung; 'snort-users () lists sourceforge net'
Subject: Re: [Snort-users] >2Gb capture files


Ding ding ding!!!  Give that man a cigar.

    -Marty

"Clausing, James A (Jim), SOBUS" wrote:
>         Am I missing something?  More than one snort process can listen on
a
> given interface, so start the new one first, then kill the old one.  There
> should be an overlap of a few seconds, but nothing will be lost.
>
> ---Jim

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users