[Snort-users] Help with tcpdump log rotation

Rob Hughes rob at ...1932...
Thu May 9 19:15:02 EDT 2002


Anton,

Thanks. I have something like this in place now. If you look at the
functionality of newsyslog, that's what I'm trying to accomplish.
Newsyslog allows you to specify a file size, time, etc. to determine
when it should to the rotation, as well as how many saved logs to keep.
That's what I'm having trouble with, since I don't seem to be able to
figure out how to make it work the way I want. I may end up having to
learn perl or something, if I can't get this going in shell.

On Thu, 2002-05-09 at 17:28, Anton A. Chuvakin wrote:
> >Ok... I admit it... I'm not bright enough to figure this out. Since
> >snort now logs in tcpdump format with the date at ...5773...  or
> >snort-date at ...5774... (depending on whether you specify tcpdump format
> >from the command line or from the snort.conf file) format, I can't find
> >a log rotation daemon that supports regex for file names, so, I'm trying
> >to write a script to do it. However, I can't figure out how to get the
> >bloody thing to work reliably. I'm hoping that someone on here with more
> >experience scripting (most of you) can either point me somewhere I can
> This is mine - just move the whole dir. I hope it does what you want:
> 
> -------------------------------------
> #!/bin/bash
> SDIR=/var/log/snort
> ADIR=/opt/daily_logs
> DATE=`date +%b_%d_%Y`
> 
> /etc/rc.d/init.d/snortd stop
> 
>         mkdir $ADIR/$DATE
>         /bin/cp -r $SDIR/*  $ADIR/$DATE
>         /bin/rm -r $SDIR
>         /bin/mkdir $SDIR
> 
> /etc/rc.d/init.d/snortd start
> ----------------------------
> 
> Best,
> -- 
>      Anton A. Chuvakin, Ph.D.
>      http://www.chuvakin.org
>    http://www.info-secure.org
> 





More information about the Snort-users mailing list