Snort mailing list archives

Re: Help with tcpdump log rotation


From: Rob Hughes <rob () robhughes com>
Date: 09 May 2002 21:20:07 -0500

Anton,

Thanks. I have something like this in place now. If you look at the
functionality of newsyslog, that's what I'm trying to accomplish.
Newsyslog allows you to specify a file size, time, etc. to determine
when it should do the rotation, as well as how many saved logs to keep.
That's what I'm having trouble with, since I don't seem to be able to
figure out how to make it work the way I want. I may end up having to
learn perl or something, if I can't get this going in shell.

On Thu, 2002-05-09 at 17:28, Anton A. Chuvakin wrote:
Ok... I admit it... I'm not bright enough to figure this out. Since
snort now logs in tcpdump format with the date@time-snort.log or
snort-date@time.log (depending on whether you specify tcpdump format
from the command line or from the snort.conf file) format, I can't find
a log rotation daemon that supports regex for file names, so, I'm trying
to write a script to do it. However, I can't figure out how to get the
bloody thing to work reliably. I'm hoping that someone on here with more
experience scripting (most of you) can either point me somewhere I can
This is mine - just move the whole dir. I hope it does what you want:

-------------------------------------
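#!/bin/bash
# Daily Snort log archive: stop Snort, copy the log directory into a
# dated archive directory, recreate an empty log directory, restart Snort.
SDIR=/var/log/snort
ADIR=/opt/daily_logs
DATE=$(date +%b_%d_%Y)

/etc/rc.d/init.d/snortd stop

# Remove the live logs only if the copy succeeded.
if mkdir -p "$ADIR/$DATE" && /bin/cp -r "$SDIR"/. "$ADIR/$DATE"; then
        /bin/rm -r "$SDIR"
        /bin/mkdir "$SDIR"
else
        echo "snort log archive failed; $SDIR left in place" >&2
fi

/etc/rc.d/init.d/snortd start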
----------------------------

Best,
-- 
     Anton A. Chuvakin, Ph.D.
     http://www.chuvakin.org
   http://www.info-secure.org
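
The newsyslog-style behaviour asked about in this thread (rotate once the capture files reach a size, keep a fixed number of saved sets), as an added example that is not code from either poster or from Snort. The two filename globs follow the name formats described in the message and are assumptions, as are the function names; the stop and start commands are supplied by the caller.

```shell
#!/bin/sh
# Added example: size-triggered rotation for Snort tcpdump-format logs.
# Assumed: the two filename globs below and all function names.

# Combined size, in KB, of the capture files in directory $1.
capture_kb() {
    total=0
    for f in "$1"/*-snort.log "$1"/snort-*.log; do
        [ -f "$f" ] || continue          # an unmatched glob stays literal
        total=$((total + $(wc -c < "$f")))
    done
    echo $((total / 1024))
}

# Move the capture files from $1 into a new timestamped directory under $2.
# Only matched files move, so the log directory keeps its ownership and
# permissions and other files (alert, portscan.log) stay put.
archive_captures() {
    dest="$2/$(date +%Y%m%d-%H%M%S)"
    mkdir -p "$dest" || return 1
    for f in "$1"/*-snort.log "$1"/snort-*.log; do
        [ -f "$f" ] || continue
        mv "$f" "$dest"/ || return 1
    done
    echo "$dest"
}

# Keep the newest $2 archive directories under $1 (names sort by time).
prune_archives() {
    ls -1 "$1" | sort -r | tail -n +"$(($2 + 1))" | while read -r old; do
        rm -r "${1:?}/$old"
    done
}

# rotate_if_needed LOGDIR ARCHIVEDIR MAX_KB KEEP [STOP_CMD START_CMD]
# Does nothing below MAX_KB. Snort is restarted even if archiving fails;
# old archives are pruned only after a successful archive.
rotate_if_needed() {
    [ "$(capture_kb "$1")" -ge "$3" ] || return 0
    [ -n "$5" ] && $5
    rc=0
    archive_captures "$1" "$2" >/dev/null || rc=1
    [ -n "$6" ] && $6
    [ "$rc" -eq 0 ] && prune_archives "$2" "$4"
}
```

Run from cron, a call such as `rotate_if_needed /var/log/snort /opt/daily_logs 102400 7 "/etc/rc.d/init.d/snortd stop" "/etc/rc.d/init.d/snortd start"` would rotate at about 100 MB and keep seven saved sets.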


