Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Log Rotation

From: Stephane Nasdrovisky <stephane.nasdrovisky () uniway be>
Date: Fri, 05 Dec 2003 13:13:33 +0100
I don't think snort understand kill -HUP as you expect it (reload you config, close/reopen log files).Instead, it kills 
snort. You'd better use something like
postrotate
                /sbin/killall snort
                /usr/local/bin/snort -your usual arguments- (,or maybe  /etc/rc.d/init.d/snort start)
endscript
or
postrotate
                /etc/rc.d/init.d/snort restart
endscript

----- Original Message -----
From: "Keaton, Lindamaria" <LKeaton () unionsafe com>


Hello everyone. I'm trying to configure snort to rotate logs into a


I think you're trying to configure logrotate to rotate snort logs.


/var/log/snort/alert {
       compress
       size=1k
       olddir /var/log/snort-backups
       mail networkadmin () unionsafe com
       postrotate
               /sbin/killall -HUP snort
       endscript
}

I have to reboot the server every morning to get snort running again. 


It seems you're NT minded, maybe should you try this :-)
        postrotate
                reboot
        endscript



Does anyone have any ideas on how I can configure this to work?





-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: