Re: Help with tcpdump log rotation

[Erek Adams <erek () theadamsfamily net>]

On 9 May 2002, Rob Hughes wrote:

> Thanks. I have something like this in place now. If you look at the
> functionality of newsyslog, that's what I'm trying to accomplish.
> Newsyslog allows you to specify a file size, time, etc. to determine
> when it should to the rotation, as well as how many saved logs to keep.
> That's what I'm having trouble with, since I don't seem to be able to
> figure out how to make it work the way I want. I may end up having to
> learn perl or something, if I can't get this going in shell.

Guys, you could make your life a bit simpler....  :)  In snort.c:

    968             case 'L':  /* set BinLogFile name */
    969                 /* implies tcpdump format logging */
    970                 if (strlen(optarg) < 256)
    971                 {
    972                     pv.binLogFile = strdup(optarg);
    973                     pv.logbin_flag = 1;
    974                     pv.log_cmd_override = 1;
    975                 }
    976                 else
    977                 {
    978                     FatalError("ERROR =>ParseCmdLine, log file: %s, >
than 256 characters\n",
    979                             optarg);
    980                 }
    981                 break;

Ok, granted:  It's undocumented and therefore 'unsupported' and therefore
'subject to future change', but it would do what you want.

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


_______________________________________________________________

Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: bandwidth () sourceforge net
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users