RE: Snort Logs

["Grejda, Eric" <EGrejda () county allegheny pa us>]

When the Snort process is sent the HUP signal, it'll close the file
descriptor for that log file and reopen it,
essentially opening a new file.  You won't have to reboot the system; you
won't even have to restart Snort because
that's what the `kill -HUP` command does.  As for compressing the file, if
you have the directive 'compress' in
your /etc/logrotate.conf file the log file will be compressed as it's
rotated out.

--
Eric Grejda
 

-----Original Message-----
From: Keaton, Lindamaria [mailto:LKeaton () unionsafe com] 
Sent: Wednesday, September 17, 2003 2:37 PM
To: Demetri Mouratis
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Snort Logs

How will a new file generate? How I see this, it will kill snort but not
restart it. Will I then have to reboot the system, in order for a new alert
file to generate. Is that correct, or am I completely wrong?

This is what I'm trying to accomplish. I want the alert file to either
compress and move to a different directory, but then start a new alert file
without kill snort. Is there a way to do this?


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users