Snort mailing list archives
RE: Subject: Reload rules w/o restarting ? (or over writing snort.log)
From: Steve.Rudolph () jwt com
Date: Mon, 15 Oct 2001 14:55:25 -0400
In the words of a great philosopher:
"DOH!"
-Homer Simpson
Steve Rudolph CCSA, CCSE
J. Walter Thompson
World Wide IT
Kevin Brown
<Kevin.M.Brown () asu edu> To: snort-users () lists sourceforge net
Sent by: cc:
snort-users-admin@lists.sourc Subject: RE: Subject: [Snort-users] Reload rules w/o
restarting ? (or
eforge.net over writing snort.log)
10/15/2001 02:15 PM
Well it looks like from your command-line options that you are specifying
the name of the log file (-L snort.log), so that must be the culprit
overwriting the file. You could remove it and just symlink snort.log to
whatever log file is the one you want.
ln -s mmdd () hhmm-snort log snort.log
-----Original Message----- From: Steve.Rudolph () jwt com [mailto:Steve.Rudolph () jwt com] Sent: Monday, October 15, 2001 11:05 To: snort-users () lists sourceforge net Subject: Re: Subject: [Snort-users] Reload rules w/o restarting ? (or overwriting snort.log) Hmm, Maybe I have a problem here then. It does overwrite the logfile everytime and does not seem to save the old one! This is my run command: /usr/local/bin/snort -i eth0 -b -o -l /var/snort/logs/ -L snort.log -c /var/snort/conf/snort.conf -D Might there be something in the snort.conf file? Steve Rudolph CCSA, CCSE J. Walter Thompson World Wide IT Erek Adams <erek () theadamsfamily net> To: Steve Rudolph/WWIT/J Walter Thompson@JWT Sent by: cc: <snort-users () lists sourceforge net> snort-users-admin@lists.sourc Subject: Re: Subject: [Snort-users] Reload rules w/o restarting ? eforge.net (or overwriting snort.log) 10/12/2001 04:58 PM On Fri, 12 Oct 2001 Steve.Rudolph () jwt com wrote:Thank you for that. Now is there a way to continue to append to the snort.log file when logging packets in binary form whilenot overwritingit?No real need to worry about it. Snort will use a format like "0828 () 0802-snort log" for the file name. mmdd@hhmm is the date and time that snort was last restarted. No log overwrites. Cheers! ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: Subject: Reload rules w/o restarting ? (or over writing snort.log) Kevin Brown (Oct 15)
- <Possible follow-ups>
- RE: Subject: Reload rules w/o restarting ? (or over writing snort.log) Steve . Rudolph (Oct 15)