Snort mailing list archives

Re: logging traffic


From: Joerg Mertin <smurphy () solsys org>
Date: Thu, 14 Aug 2003 09:01:38 +0200

Hmmm,

on a Linux system - you can always create a definition for logrotate.
It might be tricky though if using dynamically created files. But if using a 
Database backend, and only the Alert file in /var/log/snort/alert to be 
rotated, the rule for logrotate would look like this on a Mandrake-9.1 
system:
# cat /etc/logrotate.d/snortd 
/var/log/snort/alert {
        sharedscripts
        rotate 5
        weekly
        postrotate
                /usr/bin/killall -HUP snortd
        endscript
}

I don't know if restarting the entire application is better or not - however - 
I think it should work :) Just testing it now.

Cheers

        Joerg

On Thursday 14 August 2003 02:16, Erek Adams wrote:
> On Thu, 14 Aug 2003, Faiz Ahmad Shuja wrote:
> > Yes, I think you can. Anyone please correct if I am wrong. You can limit
> > file size by using unified output plugin.
>
> Close, but not quite.  He wanted files to be rotated every time they
> reached a certain size.  Unified doesn't do that.  The limit is the max
> size of the file.  Once the size is reached, the file pointer wraps around
> and starts filling up again from the 'front' of the file.  I think I've
> heard things like that referred to as a 'circular file'.
>
> Cheers!
>
> -----
> Erek Adams
>
>    "When things get weird, the weird turn pro."   H.S. Thompson
-- 
It is said that the lonely eagle flies to the mountain peaks while the lowly
ant crawls the ground, but cannot the soul of the ant soar as high as the 
eagle?
------------------------------------------------------------------------
| Joerg Mertin              :  smurphy () solsys org                (Home)|
| in Neuchâtel/Schweiz      :  smurphy () linux de                  (Alt1)|
| Stardust's LiNUX System   :  smurphy () net2000 ch                (Alt2)|
| Web: http://www.solsys.org:  Voice & Fax: +41(0)32 / 725 52 54       |
------------------------------------------------------------------------
PGP Fingerprint: AF0F FB75 997B 025F 4538 5AD6 9888 5D97 170B 8B7A
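
A size-triggered variant of the logrotate rule in the message above, as an added example that is not part of the original post. The 10M threshold and the extra `missingok`/`notifempty` directives are assumptions; the path and the HUP command are the ones from the post.

```conf
# /etc/logrotate.d/snortd  (added example; threshold below is an assumed value)
/var/log/snort/alert {
        # Rotate as soon as the file is larger than 10 MB. A size criterion
        # placed after a time criterion (weekly, daily, ...) takes precedence,
        # so no time interval is listed here.
        size 10M

        # Keep five old alert files, as in the original rule.
        rotate 5

        # Do not report an error if Snort has not created the file yet,
        # and skip rotation when there is nothing in it.
        missingok
        notifempty

        postrotate
                # Same signal as in the post: make the daemon reopen its
                # output so it stops writing to the renamed file.
                /usr/bin/killall -HUP snortd
        endscript
}
```

logrotate only evaluates the size when it is invoked, so the file can grow past the threshold between runs; scheduling logrotate more often than the usual daily cron job tightens that bound. `logrotate -d /etc/logrotate.d/snortd` performs a dry run that shows what would be rotated without touching the files.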


