Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Snort Logs

From: Demetri Mouratis <dmourati () cm math uiuc edu>
Date: Wed, 17 Sep 2003 16:59:02 -0500 (CDT)
On Wed, 17 Sep 2003, Keaton, Lindamaria wrote:


How will a new file generate? How I see this, it will kill snort but not
restart it. Will I then have to reboot the system, in order for a new
alert file to generate. Is that correct, or am I completely wrong?

This is what I'm trying to accomplish. I want the alert file to either
compress and move to a different directory, but then start a new alert
file without kill snort. Is there a way to do this?



No.  You have to at least HUP snort to make it let go of the file handle
for /var/log/snort/alert.1 after you call logrotate.
---------------------------------------------------------------------
Demetri Mouratis
dmourati () linfactory com



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: