Snort mailing list archives

Re: Alert file question


From: "Jason Fischer" <JFischer () kaytee com>
Date: Thu, 24 Jun 2004 07:48:52 -0500

Thanks, that did the trick!

Jason

sekure <sekure () gmail com> 06/23/04 09:20AM >>>
I bet you have a script that rotates logs and snort just happens to be
logging to that directory.  Once the original file is zipped and a new
one created, the inode or file handle, or however snort identifies the
log file is changed.  In short, you need to HUP snort to get it to
look for the new file again.  Or better yet, take that snort log file
out of your log management script.

On Wed, 23 Jun 2004 09:13:47 -0500, Jason Fischer <jfischer () kaytee com> wrote:

I'm using snort 2.1 on a Suse 9.1 system.  Everything works great, except for a problem with the alert file.  I'm using '-A fast' as my alert option.

Every morning at 4:15 am the alert file archives itself into a .gz file.  The new alert file that gets created never goes above 20 bytes.  This empty file will then get archived into another .gz file and the process starts again.

My question is:  Why does this new alert file remain empty?

Also, if I could set it up so the alert file doesn't archive itself every morning, that would be great as well.  I didn't see anything in snort.conf that would allow for this.

Thanks!

Jason

Confidentiality Notice:  This e-mail contains information that is
privileged and confidential and subject to legal restrictions
and penalties regarding its unauthorized disclosure or other use.
You are prohibited from copying, distributing or otherwise using
this information if you are not the intended recipient.
If you have received this e-mail in error, please notify us
immediately by return e-mail and delete this e-mail and all
attachments from your system.  Thank you!

Kaytee Products, Inc.
521 Clay Street
Chilton, WI  53014
(920)849-2321

-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com 
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net 
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users 
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users 
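
Added example, not part of the original thread and not Snort's own code: a Python simulation of the rotation problem discussed above, showing that a writer holding an open handle keeps writing to the renamed file until it reopens the path, plus a device/inode check a sensor operator can use to spot the stale handle. The file names and the `rotate` helper are constructed stand-ins for the nightly archive job.

```python
import os
import tempfile

def handle_is_stale(fh, path):
    """True when the open handle no longer refers to the file now at `path`."""
    try:
        on_disk = os.stat(path)
    except FileNotFoundError:
        return True
    held = os.fstat(fh.fileno())
    return (held.st_dev, held.st_ino) != (on_disk.st_dev, on_disk.st_ino)

def rotate(path):
    """Stand-in for the nightly job: move the live file aside, create an empty one."""
    os.rename(path, path + ".1")
    open(path, "w").close()

def simulate():
    """Run write -> rotate -> write -> reopen -> write and report what landed where."""
    result = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "alert")      # constructed path, not a real sensor
        fh = open(path, "a")                 # the long-running writer's handle
        fh.write("alert 1\n"); fh.flush()
        rotate(path)
        result["stale_after_rotate"] = handle_is_stale(fh, path)
        fh.write("alert 2\n"); fh.flush()    # lands in alert.1, not in alert
        result["new_size_before_reopen"] = os.path.getsize(path)
        result["rotated_size"] = os.path.getsize(path + ".1")
        fh.close()
        fh = open(path, "a")                 # the effect of reopening after a HUP
        fh.write("alert 3\n"); fh.flush()
        result["stale_after_reopen"] = handle_is_stale(fh, path)
        result["new_size_after_reopen"] = os.path.getsize(path)
        fh.close()
    return result

if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

Any alerts written between the rotation and the reopen end up in the rotated file, so a monitoring check that only watches the live path will miss them.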

