Snort mailing list archives
Re: Rotating '-b' logs without stopping snort? (0% data loss...)
From: Ben <snort-users () work mumble org uk>
Date: Wed, 25 Jul 2001 10:38:42 +0100
On Tue, Jul 24, 2001 at 03:56:24PM -0400, Dave Cinege wrote:
pig$ mkfifo /tmp/snort
pig$ snort -b /tmp/snort
pig$ cat /tmp/snort | ssh -e none remote.host cat \>/var/log/snort/machine1
Actually I just thought of something similar to this last night... Writing a small C proggie to read from a pipe, and have that handle rotating the logs out, and think this is what I'll do...
doesn't apache or something come with a good rotation tool.. my memory's off, time for some caffeine..
Going straight out to ssh I don't think is a good option. The hosts are remote. Right now I'm scripted up to scp out at intervals, globbing any files that could not previously be sent.
why is ssh'ing them a problem and scp'ing them not??
If I ssh straight out, it will get messy very quick. (The remotes are on distant nets)
puzzled? (:
Aside from this, the best option would be if snort caught a signal and rotated itself. Yes, please TODO.
just so long as it doesn't drop anything while it does it, YES PLEASE (:
--
Ben Hughes, <ben.hughes [at] uk.easynet.net>
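Added example, not part of the thread and not Snort code: a sketch of the pipe-reading rotator discussed above, written in Python rather than C and assuming the `-b` output is a classic libpcap (tcpdump-format) stream. It rotates only on packet-record boundaries and repeats the 24-byte file header in each output file, so a rotation never splits or drops a packet; `rotate_pcap`, `read_exact` and the `open_output` callback are hypothetical names.

```python
import struct

GLOBAL_HDR_LEN = 24   # pcap file header, written once at the start of a capture
RECORD_HDR_LEN = 16   # per-packet header: ts_sec, ts_usec, incl_len, orig_len
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # little / big endian


def read_exact(stream, n):
    """Read exactly n bytes from a pipe-like stream; shorter result means EOF."""
    buf = b""
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def rotate_pcap(stream, open_output, max_bytes):
    """Copy a pcap stream into successive files, rotating only between records.
    open_output(index) returns a writable binary file; returns packets per file."""
    header = read_exact(stream, GLOBAL_HDR_LEN)
    if len(header) < GLOBAL_HDR_LEN or header[:4] not in MAGICS:
        raise ValueError("input is not a classic pcap stream")
    endian = MAGICS[header[:4]]
    counts, out, written = [], None, 0
    while True:
        rec_hdr = read_exact(stream, RECORD_HDR_LEN)
        if len(rec_hdr) < RECORD_HDR_LEN:
            break  # EOF; a partial trailing header is discarded, not written
        incl_len = struct.unpack(endian + "IIII", rec_hdr)[2]
        payload = read_exact(stream, incl_len)
        if len(payload) < incl_len:
            break  # writer stopped mid-packet; never emit a truncated record
        size = RECORD_HDR_LEN + incl_len
        if out is None or written + size > max_bytes:
            if out is not None:
                out.close()
            out = open_output(len(counts))
            out.write(header)  # every rotated file needs its own file header
            written = GLOBAL_HDR_LEN
            counts.append(0)
        out.write(rec_hdr + payload)
        written += size
        counts[-1] += 1
    if out is not None:
        out.close()
    return counts
```

To read from the FIFO in the thread, pass `open("/tmp/snort", "rb")` as `stream` and an `open_output` that names files by index or timestamp.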