Snort mailing list archives
Re: Daemonlogger -- Response to Marty Roesch
From: "Turnbough, Bradley E." <bturnbough () belcan com>
Date: Fri, 24 Jul 2015 18:55:37 +0000
cat /etc/centos-release:
CentOS release 6.5 (Final)

Running this:
daemonlogger -i p5p3 -l /var/log/daemonlogger/p5p3 -n daemonlogger-p5p3 -p daemonlogger-p5p3.pid -r -m 5

Produced this:
[-] Interface set to p5p3
[-] Logpath set to /var/log/daemonlogger/p5p3
[-] Max files to write set to 5
[-] Log filename set to "daemonlogger-p5p3"
[-] Pidfile configured to "daemonlogger-p5p3.pid"
[-] Pidpath configured to "/var/run"
[-] Ringbuffer active
[-] Rollover size set to 18446744071562067968 bytes
[-] Rollover time configured for 0 seconds
[-] Pruning behavior set to oldest IN DIRECTORY

-*> DaemonLogger <*-
Version 1.2.1
By Martin Roesch
(C) Copyright 2006-2007 Sourcefire Inc., All rights reserved

Checking partition stats for log directory "/var/log/daemonlogger/p5p3/."
sniffing on interface p5p3
start_sniffing() device p5p3 network lookup: p5p3: no IPv4 address assigned
Logging packets to /var/log/daemonlogger/p5p3/daemonlogger-p5p3.1437764092

________________________________________
From: Marty Roesch (maroesch) [maroesch () cisco com]
Sent: Friday, July 24, 2015 1:52 PM
To: Turnbough, Bradley E.; snort-users () lists sourceforge net
Subject: Re: Daemonlogger -- Response to Marty Roesch

What platform is this on? Can you grab the configuration output that it dumps to the screen when it runs and send that over too?

Marty

--
Martin Roesch - maroesch () cisco com
VP/Chief Architect, Security Business Group
Sourcefire
Now a part of Cisco

On 7/24/15, 2:39 PM, "Turnbough, Bradley E." <bturnbough () belcan com> wrote:
FYI -- I'm running Version 1.2.1, if that helps.

________________________________________
From: Turnbough, Bradley E. [bturnbough () belcan com]
Sent: Friday, July 24, 2015 1:37 PM
To: snort-users () lists sourceforge net
Cc: maroesch () cisco com
Subject: [Snort-users] Daemonlogger -- Response to Marty Roesch

Hi Marty,

Sorry, but I accidentally deleted our thread. I did as you requested, but daemonlogger is not rolling over to a new file after 1Gb.

Here is the file:
-rw-r--r-- 1 root root 2.1G Jul 24 14:34 daemonlogger-p5p3.1437762253

Here is the command:
daemonlogger -d -i p5p3 -l /var/log/daemonlogger/p5p3 -n daemonlogger-p5p3 -p daemonlogger-p5p3.pid -r -m 5

_____________________________________________________________
This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated.

------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
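Added example, not part of the original thread and not daemonlogger's source code: the rollover size printed in the output above, 18446744071562067968, equals 2^64 - 2^31, which is the value a negative 32-bit integer of -2^31 takes when widened to an unsigned 64-bit integer. The sketch below reproduces that arithmetic and shows why such a threshold would never trigger a size-based rollover; the 2 GiB default, the function names and the sample file size are assumptions made for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

#define GIGABYTE (1u << 30)   /* assumed unit, not taken from daemonlogger */

/* Assumed faulty path: a 2 GiB default held in a signed 32-bit integer.
 * 2 * 2^30 = 2^31 does not fit in int32_t. The multiplication is done in
 * unsigned arithmetic so this example has no undefined behaviour; the
 * narrowing cast yields -2147483648 on two's-complement compilers. */
uint64_t rollover_from_int32(void)
{
    int32_t narrow = (int32_t)(2u * GIGABYTE);
    return (uint64_t)narrow;              /* sign-extends to 0xFFFFFFFF80000000 */
}

/* The same default computed in 64 bits from the start. */
uint64_t rollover_from_uint64(void)
{
    return 2 * (uint64_t)GIGABYTE;        /* 2147483648 */
}

/* Size-based rollover test as a capture loop might apply it (hypothetical). */
int should_roll(uint64_t bytes_written, uint64_t rollover_size)
{
    return bytes_written >= rollover_size;
}

int main(void)
{
    /* Constructed value: roughly the 2.1G capture file listed in the thread. */
    uint64_t file_size = 2254857830ULL;
    uint64_t bad  = rollover_from_int32();
    uint64_t good = rollover_from_uint64();

    printf("widened int32 threshold: %" PRIu64 " bytes, roll=%d\n",
           bad, should_roll(file_size, bad));
    printf("64-bit threshold:        %" PRIu64 " bytes, roll=%d\n",
           good, should_roll(file_size, good));
    return 0;
}
```

A quick operational check is to compare the "Rollover size set to" line in the startup banner against the intended limit before relying on the ring buffer to bound disk usage.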
Current thread:
- Daemonlogger -- Response to Marty Roesch Turnbough, Bradley E. (Jul 24)
- Re: Daemonlogger -- Response to Marty Roesch Turnbough, Bradley E. (Jul 24)
- Re: Daemonlogger -- Response to Marty Roesch Marty Roesch (maroesch) (Jul 24)
- Re: Daemonlogger -- Response to Marty Roesch Turnbough, Bradley E. (Jul 24)
- Re: Daemonlogger -- Response to Marty Roesch Marty Roesch (maroesch) (Jul 24)
- Re: Daemonlogger -- Response to Marty Roesch Turnbough, Bradley E. (Jul 24)
- Re: Daemonlogger -- Response to Marty Roesch Marty Roesch (maroesch) (Jul 24)
- Re: Daemonlogger -- Response to Marty Roesch Turnbough, Bradley E. (Jul 24)
- Re: Daemonlogger -- Response to Marty Roesch Marty Roesch (maroesch) (Jul 24)
- Re: Daemonlogger -- Response to Marty Roesch Turnbough, Bradley E. (Jul 27)
- Message not available
- Re: Daemonlogger -- Response to Marty Roesch Turnbough, Bradley E. (Jul 28)
- Re: Daemonlogger -- Response to Marty Roesch Marty Roesch (maroesch) (Aug 04)
- Re: Daemonlogger -- Response to Marty Roesch Marty Roesch (maroesch) (Jul 24)
- Re: Daemonlogger -- Response to Marty Roesch Turnbough, Bradley E. (Jul 24)