[Snort-users] Help with tcpdump log rotation

Erek Adams erek at ...577...
Fri May 10 11:57:03 EDT 2002


On 9 May 2002, Rob Hughes wrote:

> Thanks. I have something like this in place now. If you look at the
> functionality of newsyslog, that's what I'm trying to accomplish.
> Newsyslog allows you to specify a file size, time, etc. to determine
> when it should do the rotation, as well as how many saved logs to keep.
> That's what I'm having trouble with, since I don't seem to be able to
> figure out how to make it work the way I want. I may end up having to
> learn perl or something, if I can't get this going in shell.

Guys, you could make your life a bit simpler....  :)  In snort.c:

            case 'L':  /* set BinLogFile name */
                /* implies tcpdump format logging */
                if (strlen(optarg) < 256)
                {
                    pv.binLogFile = strdup(optarg);
                    pv.logbin_flag = 1;
                    pv.log_cmd_override = 1;
                }
                else
                {
                    FatalError("ERROR =>ParseCmdLine, log file: %s, > than 256 characters\n",
                            optarg);
                }
                break;

Ok, granted:  It's undocumented and therefore 'unsupported' and therefore
'subject to future change', but it would do what you want.

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
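A newsyslog-style size-and-count rotation for the binary log file named with -L, as an added example that is not part of the original thread. It assumes a POSIX shell; the log path, the ".0/.1/..." generation names and the idea of signalling or restarting Snort after the rotation are assumptions, not anything the thread specifies.

```shell
#!/bin/sh
# Rotate a Snort binary (tcpdump-format) log the way newsyslog would:
# only when it exceeds a size limit, keeping a fixed number of old copies.
# Assumed setup: Snort was started with "snort -L $LOGFILE ..." and is
# restarted or signalled separately once the file has been moved aside.

# rotate_log FILE KEEP
# Shifts FILE -> FILE.0, FILE.0 -> FILE.1, ... and drops FILE.(KEEP-1).
rotate_log() {
    file=$1
    keep=$2
    i=$((keep - 1))
    rm -f "$file.$i"                      # discard the oldest generation
    while [ "$i" -gt 0 ]; do
        prev=$((i - 1))
        [ -f "$file.$prev" ] && mv "$file.$prev" "$file.$i"
        i=$prev
    done
    [ -f "$file" ] && mv "$file" "$file.0"
    return 0
}

# file_size FILE: size in bytes without relying on stat(1) flags,
# which differ between BSD and GNU systems.
file_size() {
    wc -c < "$1" | tr -d ' '
}

# rotate_if_over FILE MAXBYTES KEEP
# Rotates only when FILE is larger than MAXBYTES.
# Returns 0 if a rotation happened, 1 otherwise (so it can gate a restart).
rotate_if_over() {
    file=$1; max=$2; keep=$3
    [ -f "$file" ] || return 1
    if [ "$(file_size "$file")" -gt "$max" ]; then
        rotate_log "$file" "$keep"
        return 0
    fi
    return 1
}

# Example cron usage (paths are placeholders): rotate at 100 MB, keep 7 copies,
# then make Snort reopen its log by whatever means your setup uses:
#   rotate_if_over /var/log/snort/snort.log 104857600 7 && restart_snort
```

Because Snort keeps the old file descriptor open after the rename, the rotated copy keeps growing until Snort is restarted, so the restart step is what actually closes a generation.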