Snort mailing list archives
Re: logging traffic
From: Joerg Mertin <smurphy () solsys org>
Date: Thu, 14 Aug 2003 09:01:38 +0200
Hmmm, on a Linux system - you can always create a definition for logrotate. It might be tricky though if using dynamically created files. But if using a Database backend, and only the Alert file in /var/log/snort/alert to be rotated, the rule for logrotate would look like this on a Mandrake-9.1 system:

    # cat /etc/logrotate.d/snortd
    /var/log/snort/alert {
        sharedscripts
        rotate 5
        weekly
        postrotate
            /usr/bin/killall -HUP snortd
        endscript
    }

I don't know if restarting the entire application is better or not - however - I think it should work :) Just testing it now.

Cheers
Joerg

On Thursday 14 August 2003 02:16, Erek Adams wrote:
> On Thu, 14 Aug 2003, Faiz Ahmad Shuja wrote:
>
> > Yes, I think you can. Anyone please correct if I am wrong. You can limit file size by using unified output plugin.
>
> Close, but not quite. He wanted files to be rotated every time they reached a certain size. Unified doesn't do that. The limit is the max size of the file. Once the size is reached, the file pointer wraps around and starts filling up again from the 'front' of the file. I think I've heard things like that referred to as a 'circular file'.
>
> Cheers!
>
> -----
> Erek Adams
>
> "When things get weird, the weird turn pro." H.S. Thompson
--
It is said that the lonely eagle flies to the mountain peaks while the lowly ant crawls the ground, but cannot the soul of the ant soar as high as the eagle?

Joerg Mertin : smurphy () solsys org (Home)
in Neuchâtel/Schweiz : smurphy () linux de (Alt1)
Stardust's LiNUX System : smurphy () net2000 ch (Alt2)
Web: http://www.solsys.org : Voice & Fax: +41(0)32 / 725 52 54
PGP Fingerprint: AF0F FB75 997B 025F 4538 5AD6 9888 5D97 170B 8B7A
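Added example, not part of the original messages: the request quoted in this thread was rotation once a file reaches a certain size, and the shell function below does that for a single alert file, keeping a fixed number of generations and then sending HUP as the postrotate step in the message does. The function name, the optional PID file argument and the 077 umask are assumptions of this example.

```sh
#!/bin/sh
# Added example: size-triggered rotation of one log file (e.g. the Snort
# alert file). Name, arguments and permissions are assumptions.

# rotate_if_larger FILE MAX_BYTES KEEP [PIDFILE]
# Returns 0 if FILE was rotated, 1 if it is missing or below MAX_BYTES.
rotate_if_larger() {
    file=$1; max=$2; keep=$3; pidfile=${4:-}

    [ -f "$file" ] || return 1
    # Arithmetic expansion strips the padding some wc builds emit.
    size=$(($(wc -c < "$file")))
    [ "$size" -ge "$max" ] || return 1

    # Drop the oldest generation, then shift FILE.N to FILE.N+1.
    rm -f "$file.$keep"
    i=$keep
    while [ "$i" -gt 1 ]; do
        prev=$((i - 1))
        [ -f "$file.$prev" ] && mv "$file.$prev" "$file.$i"
        i=$prev
    done

    # A rename keeps the inode: a daemon holding the file open keeps
    # writing into FILE.1 until it reopens its log.
    mv "$file" "$file.1"

    # Recreate the live file readable by its owner only.
    (umask 077; : > "$file")

    # Signal the daemon, as the postrotate step does with killall -HUP.
    if [ -n "$pidfile" ] && [ -r "$pidfile" ]; then
        kill -HUP "$(cat "$pidfile")" 2>/dev/null || true
    fi
    return 0
}
```

Run from cron at an interval short enough that the file cannot grow far past the limit between checks; the size is only enforced when the function runs.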