Subject: [Snort-users] Reload rules w/o restarting ? (or over writing snort.log)

Steve.Rudolph at ...3595... Steve.Rudolph at ...3595...
Mon Oct 15 11:56:03 EDT 2001


In the words of a great philosopher:
"DOH!"
-Homer Simpson

Steve Rudolph CCSA, CCSE
J. Walter Thompson
World Wide IT


                                                                                                                                  
                    Kevin Brown                                                                                                   
                    <Kevin.M.Brown at ...1022...>             To:     snort-users at lists.sourceforge.net                                 
                    Sent by:                            cc:                                                                       
                    snort-users-admin at ...635...       Subject:     RE: Subject: [Snort-users] Reload rules w/o restarting ? (or 
                    eforge.net                           over   writing snort.log)                                                
                                                                                                                                  
                                                                                                                                  
                    10/15/2001 02:15 PM                                                                                           
                                                                                                                                  
                                                                                                                                  




Well it looks like from your command-line options that you are specifying
the name of the log file (-L snort.log), so that must be the culprit
overwriting the file.  You could remove it and just symlink snort.log to
whatever log file is the one you want.

ln -s mmdd at ...3818... snort.log

> -----Original Message-----
> From: Steve.Rudolph at ...3595... [mailto:Steve.Rudolph at ...3595...]
> Sent: Monday, October 15, 2001 11:05
> To: snort-users at lists.sourceforge.net
> Subject: Re: Subject: [Snort-users] Reload rules w/o restarting ? (or
> overwriting snort.log)
>
>
>
> Hmm,
> Maybe I have a problem here then.  It does overwrite the
> logfile everytime
> and does not seem to save the old one!
> This is my run command: /usr/local/bin/snort -i eth0 -b -o -l
> /var/snort/logs/ -L snort.log -c /var/snort/conf/snort.conf -D
> Might there be something in the snort.conf file?
>
> Steve Rudolph CCSA, CCSE
> J. Walter Thompson
> World Wide IT
>
>
>
>
>                     Erek Adams
>
>                     <erek at ...577...>           To:
>   Steve Rudolph/WWIT/J Walter Thompson at ...3817...
>                     Sent by:                            cc:
>   <snort-users at lists.sourceforge.net>
>                     snort-users-admin at ...635...
> Subject:     Re: Subject: [Snort-users] Reload rules w/o
> restarting ?
>                     eforge.net                           (or
> overwriting snort.log)
>
>
>
>
>                     10/12/2001 04:58 PM
>
>
>
>
>
>
>
>
>
> On Fri, 12 Oct 2001 Steve.Rudolph at ...3595... wrote:
>
> > Thank you for that.  Now is there a way to continue to append to the
> > snort.log file when logging packets in binary form while
> not overwriting
> > it?
>
> No real need to worry about it.  Snort will use a format like
> "0828 at ...3802..." for the file name.  mmdd at ...449... is the
> date and time
> that
> snort was last restarted.  No log overwrites.
>
> Cheers!
>
> -----
> Erek Adams
> Nifty-Type-Guy
> TheAdamsFamily.Net
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users







More information about the Snort-users mailing list