Snort mailing list archives

Re: Help with tcpdump log rotation


From: Eric Garnel <egarnel3470 () yahoo com>
Date: Fri, 3 May 2002 09:21:14 -0700 (PDT)

Sorry, I can't be of much help, but would like to know how you solve
it, as I too am experiencing the same problem.
--- Rob Hughes <rob () robhughes com> wrote:
Ok... I admit it... I'm not bright enough to figure this out. Since
snort now logs in tcpdump format with the date () time-snort log or
snort-date () time log (depending on whether you specify tcpdump format
from the command line or from the snort.conf file) format, I can't find
a log rotation daemon that supports regex for file names, so, I'm trying
to write a script to do it. However, I can't figure out how to get the
bloody thing to work reliably. I'm hoping that someone on here with more
experience scripting (most of you) can either point me somewhere I can
look at an example, or already has a script that does this. Otherwise,
the only choice I can see is just turning off the binary logging, which
I'd really rather not do, but I also don't want my var slice filling up
any more, which seems to happen every time I go out of town.

What would be even nicer, IMO, would be to make adding the date and time
an option, rather than hard coding it into log.c. I still fail to see
the value in doing this, since I (although I realize others don't) bzip
the log with the date and time the log was archived. Or at least I used
to.




_______________________________________________________________

Have big pipes? SourceForge.net is looking for download mirrors. We
supply
the hardware. You get the recognition. Email Us:
bandwidth () sourceforge net
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


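Added example, not part of either poster's message and not Snort's own code: one way to script the rotation asked about above, compressing closed timestamp-named logs and expiring old archives. The glob, the COMPRESSOR variable, the retention argument and the "newest file is the open one" rule are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: rotate Snort binary (tcpdump-format) logs whose names
# carry a date and time. Assumed, not from the thread: the glob below,
# the COMPRESSOR variable and the KEEP_DAYS retention argument.

LOG_GLOB='*snort*.log'             # assumed to match both name forms
COMPRESSOR="${COMPRESSOR:-bzip2}"  # gzip also works

# rotate_snort_logs DIR KEEP_DAYS
# Compresses every matching log except the newest one (assumed to be the
# file Snort still has open), deletes compressed logs older than
# KEEP_DAYS, and prints how many files were compressed.
rotate_snort_logs() {
    dir=$1
    keep_days=$2
    count=0
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }

    # Find the most recently modified log; it is left untouched.
    newest=
    for f in "$dir"/$LOG_GLOB; do
        [ -f "$f" ] || continue
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
            newest=$f
        fi
    done

    # Compress the closed logs. The compressor keeps the original mtime,
    # so retention below is measured from when the log was written.
    for f in "$dir"/$LOG_GLOB; do
        [ -f "$f" ] || continue
        [ "$f" = "$newest" ] && continue
        if "$COMPRESSOR" -f "$f"; then
            count=$((count + 1))
        fi
    done

    # Expire old archives so the log partition cannot fill up.
    find "$dir" -maxdepth 1 -type f \
        \( -name "$LOG_GLOB.bz2" -o -name "$LOG_GLOB.gz" \) \
        -mtime +"$keep_days" -exec rm -f {} +

    echo "$count"
}

# When run as a script (e.g. from cron): DIR KEEP_DAYS as arguments.
if [ "$#" -eq 2 ]; then
    rotate_snort_logs "$1" "$2"
fi
```

Because the newest log is skipped rather than moved, Snort does not need to be signalled or restarted for the script to run safely.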

