[Snort-devel] Events received while rotating logs.

Imran William Smith iwsmith at ...1111...
Sun May 12 18:23:01 EDT 2002


If I send a SIGHUP to snort, it rotates to new
logs and reports statistics.  What happens
to the packets received / matched during that time
(old log closed, no new one open).

Also, during this SIGHUP process, are any plugins
etc restarted, e.g. would the fragment reassembly
preprocessor get restarted and lose its state information?

We are considering very frequent SIGHUPs to break
up and transmit tiny capture files back from remote
sensors.

--
Imran William Smith
Security Products Development
x4207





More information about the Snort-devel mailing list