[Snort-users] Help with tcpdump log rotation
erek at ...577...
Fri May 10 11:57:03 EDT 2002
On 9 May 2002, Rob Hughes wrote:
> Thanks. I have something like this in place now. If you look at the
> functionality of newsyslog, that's what I'm trying to accomplish.
> Newsyslog allows you to specify a file size, time, etc. to determine
> when it should do the rotation, as well as how many saved logs to keep.
> That's what I'm having trouble with, since I don't seem to be able to
> figure out how to make it work the way I want. I may end up having to
> learn perl or something, if I can't get this going in shell.
Guys, you could make your life a bit simpler.... :) In snort.c:
    case 'L':  /* set BinLogFile name */
        /* implies tcpdump format logging */
        if (strlen(optarg) < 256)
        {
            pv.binLogFile = strdup(optarg);
            pv.logbin_flag = 1;
            pv.log_cmd_override = 1;
        }
        else
        {
            FatalError("ERROR =>ParseCmdLine, log file: %s, > than 256 characters\n",
Ok, granted: It's undocumented and therefore 'unsupported' and therefore
'subject to future change', but it would do what you want.
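
The newsyslog-style behaviour asked about in the quoted message (rotate once a size threshold is passed, keep a fixed number of saved logs), as an added shell example that is not part of the original post or of Snort. The function name `rotate_log` and the path in the usage comment are hypothetical. A process that still holds the file open keeps writing to the renamed copy until it reopens its log, so restarting or signalling the capture process is assumed to happen outside this function.

```shell
#!/bin/sh
# rotate_log FILE MAX_BYTES KEEP   (hypothetical helper, added example)
# Rotate FILE to FILE.0 once it is larger than MAX_BYTES, shifting older
# copies up (FILE.0 -> FILE.1, ...) and keeping at most KEEP saved copies.
# Returns 0 if a rotation happened, 1 if none was needed, 2 on bad arguments.
rotate_log() {
    file=$1 max=$2 keep=$3

    # Reject missing or non-numeric arguments before touching any file.
    [ -n "$file" ] && [ "$max" -ge 0 ] 2>/dev/null \
        && [ "$keep" -ge 1 ] 2>/dev/null || return 2
    [ -f "$file" ] || return 1

    # Arithmetic expansion strips the padding some wc implementations emit.
    size=$(( $(wc -c < "$file") ))
    [ "$size" -gt "$max" ] || return 1

    # Drop the oldest saved copy, then shift the remaining ones up by one.
    i=$((keep - 1))
    rm -f "$file.$i"
    while [ "$i" -gt 0 ]; do
        prev=$((i - 1))
        if [ -f "$file.$prev" ]; then
            mv "$file.$prev" "$file.$i"
        fi
        i=$prev
    done
    mv "$file" "$file.0"

    # Recreate the live file owner-only: packet captures can contain
    # credentials and payload data.
    ( umask 077; : > "$file" )
    return 0
}

# Usage from cron (path is a constructed example):
#   rotate_log /var/log/snort/snort.log 104857600 7
```
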