Re: Rotating '-b' logs without stopping snort? (0% data loss...)

[Dave Cinege <dcinege () psychosis com>]

snort-users () work mumble org uk wrote:
> pig$ mkfifo /tmp/snort
> pig$ snort -b /tmp/snort
> pig$ cat /tmp/snort | ssh -e none remote.host cat \>/var/log/snort/machine1

Actually I just thought of something similar to this last night...
Writing a small C proggie to read from a pipe, and have that handle
rotating the logs out, and think this is what I'll do...

Going straight out to ssh I don't think is a good option. The hosts are
remote. Right now I'm scripted up to scp out at intervals, 
globbing any files that could not previously be sent.

If I ssh straight out, it will get messy very quick.
(The remotes are on distant nets)

Aside from this, the best option would be if snort caught a
signal and rotated itself. Yes, please TODO.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users