Help with tcpdump log rotation

[Rob Hughes <rob () robhughes com>]

Ok... I admit it... I'm not bright enough to figure this out. Since
snort now logs in tcpdump format with the date () time-snort log  or
snort-date () time log (depending on whether you specify tcpdump format
from the command line or from the snort.conf file) format, I can't find
a log rotation daemon that supports regex for file names, so, I'm trying
to write a script to do it. However, I can't figure out how to get the
bloody thing to work reliably. I'm hoping that someone on here with more
experience scripting (most of you) can either point me somewhere I can
look at an example, or already has a script that does this. Otherwise,
the only choice I can see is just turning off the binary logging, which
I'd really rather not do, but I also don't want my var slice filling up
any more, which seems to happen every time I go out of town.

What would be even nicer, IMO, would be to make adding the date and time
an option, rather than hard coding it into log.c. I still fail to see
the value in doing this, since I (although I realize others don't) bzip
the log with the date and time the log was archived. Or at least I used
to.




_______________________________________________________________

Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: bandwidth () sourceforge net
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users