[Snort-users] Help with tcpdump log rotation

Anton A. Chuvakin anton at ...5376...
Thu May 9 15:29:03 EDT 2002

>Ok... I admit it... I'm not bright enough to figure this out. Since
>snort now logs in tcpdump format with the date at ...5773...  or
>snort-date at ...5774... (depending on whether you specify tcpdump format
>from the command line or from the snort.conf file) format, I can't find
>a log rotation daemon that supports regex for file names, so, I'm trying
>to write a script to do it. However, I can't figure out how to get the
>bloody thing to work reliably. I'm hoping that someone on here with more
>experience scripting (most of you) can either point me somewhere I can

This is mine - just move the whole dir. I hope it does what you want:

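# SDIR (snort log dir) and ADIR (archive dir) must already be set;
# abort if either is empty so cp/rm never run against the wrong path.
: "${SDIR:?SDIR is not set}" "${ADIR:?ADIR is not set}"

DATE=`date +%b_%d_%Y`

/etc/rc.d/init.d/snortd stop

        # Copy the logs to a dated archive dir; remove the originals
        # only if the copy succeeded, then recreate the log dir.
        mkdir -p "$ADIR/$DATE" &&
        /bin/cp -r "$SDIR"/* "$ADIR/$DATE" &&
        /bin/rm -r "$SDIR"
        /bin/mkdir -p "$SDIR"

/etc/rc.d/init.d/snortd start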

     Anton A. Chuvakin, Ph.D.
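
Added example, not part of the original post: the same move-the-whole-directory rotation written as a function that checksums the archived copy before deleting anything, so a failed or partial copy never costs you capture files. The function name rotate_logs, the MANIFEST.cksum file and the time suffix on the archive name are assumptions of this example; the caller is expected to stop and restart snort around the call, as the script above does.

```sh
#!/bin/sh
# rotate_logs SDIR ADIR
#   Copies everything in SDIR to ADIR/<date_time>, verifies the copy,
#   then empties SDIR. Prints the archive path on success.
#   Returns 0 = rotated, 1 = error (originals untouched), 2 = nothing to do.
rotate_logs() {
    sdir=$1 adir=$2
    [ -n "$sdir" ] && [ -d "$sdir" ] || { echo "bad log dir: '$sdir'" >&2; return 1; }
    [ -n "$adir" ] || { echo "archive dir not given" >&2; return 1; }

    # An empty log dir is not an error, but there is nothing to archive.
    [ -n "$(ls -A "$sdir")" ] || { echo "nothing to rotate" >&2; return 2; }

    # Date plus time, so a second run on the same day gets its own directory.
    dest="$adir/$(date +%b_%d_%Y_%H%M%S)"
    mkdir -p "$adir" && mkdir "$dest" || return 1
    chmod 700 "$dest"    # packet captures contain payload data

    # "$sdir"/. copies dotfiles too; -p keeps timestamps and modes.
    cp -Rp "$sdir"/. "$dest"/ || return 1

    # Compare per-file checksums of source and copy before deleting anything.
    src_sum=$(cd "$sdir" && find . -type f -exec cksum {} + | sort)
    dst_sum=$(cd "$dest" && find . -type f -exec cksum {} + | sort)
    if [ "$src_sum" != "$dst_sum" ]; then
        echo "verification failed, originals kept in $sdir" >&2
        return 1
    fi
    # Keep the checksums with the archive for later integrity checks.
    printf '%s\n' "$dst_sum" > "$dest/MANIFEST.cksum"

    # Empty the log dir instead of removing and recreating it, so its
    # owner and permissions stay as snort expects them.
    ( cd "$sdir" && find . ! -name . -prune -exec rm -rf {} + ) || return 1
    printf '%s\n' "$dest"
}

# Run directly as: script SDIR ADIR
if [ "$#" -eq 2 ]; then rotate_logs "$1" "$2"; fi
```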
