Re: Redirect kill -10 output

[Dirk Geschke <Dirk_Geschke () genua de>]

Hi Alexandre,

> I'm interested in redirecting the output provided by kill -10 'pid' in a file of
> my choice.

I think you mean 

  kill -SIGUSR1 'pid'


SIGUSR1 is not equal to '10' on all systems...

> For the moment the output is in /var/log/messages, i tried several way in order
> to redirect it but nothing seems efficient.
>
> Is there a way to do it or am i forced to parse /var/log/messages ?

All you have to do is to rewrite SigUsr1Handler in src/snort.c to print
the statistics to a file. But actually SigUsr1Handler only calls DropStats
part of src/utils.c. So you have to insert this functunality in the sighandler
to write to a file descriptor.

But much worser: You should not open and close the file in a signal handler.
So you should open it on startup of snort and close it on exit so that the
handler only has to write to the file. But then you can run into trouble
due to buffered I/O...

Maybe the best idea would be to change the log facility via openlog() and
to use syslog to separate the snort messages to a separate log file.

Best regards

Dirk



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users