Snort mailing list archives
Re: full tcpdump logging with alerting
From: Ryan.Oliver () pha com au
Date: Tue, 14 Aug 2001 17:34:45 +1000
Greetings all,

Thanks all, it works a treat except for one thing.

When running snort in daemon mode I have it logging to mysql/syslog and the tcpdump formatted file. Unfortunately when I stop snort to rotate out the tcpdump logfile (done hourly) I cannot read the contents, getting "pcap_loop: truncated dump file". This doesn't occur if I run snort outside of daemon mode (which isn't an option)...

I've tried kill with signals 1, 2, 3, 9 but still with the same results...

Is there any way to get snort to complete the logfile and bow out gracefully from daemon mode or is there something I am missing here??

Any help appreciated

Best Regards
Ryan Oliver
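A check a rotation job could run on each rotated tcpdump-format file, given here as an added example that is not part of the message above or of Snort: it walks the savefile record by record and reports whether the file ends mid-record (the condition libpcap reports as "truncated dump file") and how many leading bytes are still readable. The names `scan_pcap` and `build_sample` and the sample packets are this example's own constructions, and it assumes the classic libpcap savefile layout (24-byte file header, 16-byte record headers).

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap savefile magic (microsecond timestamps)

def scan_pcap(data):
    """Walk a tcpdump-format savefile held in `data` (bytes).

    Returns (complete_records, good_length, truncated): good_length is the
    byte offset just past the last complete record, so data[:good_length]
    is a readable savefile even when the tail was cut off.
    """
    if len(data) < 24:
        raise ValueError("shorter than the 24-byte pcap file header")
    # The magic number tells us which byte order the writer used.
    if struct.unpack("<I", data[:4])[0] == PCAP_MAGIC:
        order = "<"
    elif struct.unpack(">I", data[:4])[0] == PCAP_MAGIC:
        order = ">"
    else:
        raise ValueError("not a classic pcap savefile")
    offset, count = 24, 0
    while offset < len(data):
        if offset + 16 > len(data):             # cut inside a record header
            return count, offset, True
        _sec, _usec, incl_len, _orig = struct.unpack(order + "IIII", data[offset:offset + 16])
        if offset + 16 + incl_len > len(data):  # cut inside the packet bytes
            return count, offset, True
        offset += 16 + incl_len
        count += 1
    return count, offset, False

def build_sample(packets):
    """Constructed sample: a little-endian savefile holding `packets`."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for i, payload in enumerate(packets):
        out += struct.pack("<IIII", 997774485 + i, 0, len(payload), len(payload)) + payload
    return out

if __name__ == "__main__":
    whole = build_sample([b"\x00" * 60, b"\x11" * 74])
    cut = whole[:-10]   # simulate a writer stopped mid-record
    for name, blob in (("whole", whole), ("cut", cut)):
        n, good, truncated = scan_pcap(blob)
        print(f"{name}: {n} complete records, {good} good bytes, truncated={truncated}")
```

Writing `data[:good_length]` to a new file yields a capture that readers accept, minus the partial last packet.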