[Snort-users] 2 more questions:

Tim Prendergast tprendergast at ...5901...
Thu May 23 17:06:14 EDT 2002


You may be able to get around it by having the logfile issue a stop command
to snort, mv, then start snort again. Would take a couple of seconds, but
you could achieve what you want. Chances of someone timing a good attack
based on your log rotation would be rough. :)

-Tim

----- Original Message -----
From: "Glenn Larsson" <ichinin at ...5794...>
To: "Tim Prendergast" <tprendergast at ...5901...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Saturday, June 01, 2002 3:21 AM
Subject: Re: [Snort-users] 2 more questions:


> Hi Tim.
>
> Problem remains; under Wintel, logfiles are locked exclusively
> by the process so any scripting will fail.
>
> I'm going to try to get MySQL up and running, so I hope that
> solves my problem (i.e. delete records older than YYYYMMDD).
>
> Thanks,
> Glenn
>
> Tim Prendergast wrote:
> > In regards to Q2, a good log rotation script could do that for you. There's
> > a billion of them out there, so just search around for log rotation scripts.
> >
> > Regards,
> > Tim Prendergast
> >
> > ----- Original Message -----
> > > <I wrote "yada yada yada".>
>
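
The stop, move, start sequence discussed above for the Windows file-lock problem, as an added PowerShell example that is not part of the original thread. The service name, log path and retention period are assumptions; the script also reports how long the sensor was offline and prunes archives older than the retention period.

```powershell
# Added example: rotate a Snort alert log on Windows by stopping the sensor first.
# Assumptions (not from the thread): service name, log path, retention period.
param(
    [string]$ServiceName = 'snort',                   # assumed service name
    [string]$LogFile     = 'C:\Snort\log\alert.ids',  # assumed log path
    [int]$KeepDays       = 30                         # assumed retention
)
$ErrorActionPreference = 'Stop'

function Test-FileUnlocked([string]$Path) {
    # Try to open the file with no sharing; failure means it cannot be
    # opened exclusively yet (typically a process still holds a handle).
    try {
        $fs = [System.IO.File]::Open($Path, 'Open', 'ReadWrite', 'None')
        $fs.Close()
        return $true
    } catch {
        return $false
    }
}

$svc      = Get-Service -Name $ServiceName   # fails early if the service is missing
$archive  = '{0}.{1}' -f $LogFile, (Get-Date -Format 'yyyyMMdd-HHmmss')
$archived = $false
$gapStart = Get-Date
try {
    Stop-Service -Name $ServiceName
    $svc.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(30))
    if (Test-Path $LogFile) {
        # Give the OS a moment to release the handle after the process exits.
        $tries = 0
        while (-not (Test-FileUnlocked $LogFile)) {
            $tries++
            if ($tries -ge 10) { throw "Log file still locked: $LogFile" }
            Start-Sleep -Milliseconds 500
        }
        Move-Item -Path $LogFile -Destination $archive
        $archived = $true
    }
} finally {
    # Always restart the sensor, even if the move failed, to keep the gap short.
    Start-Service -Name $ServiceName
}
$gap = (Get-Date) - $gapStart
Write-Output ("Sensor offline for {0:N1} s; archived: {1}" -f $gap.TotalSeconds, $archived)

# Delete rotated archives older than the retention period.
$cutoff = (Get-Date).AddDays(-$KeepDays)
Get-ChildItem -Path (Split-Path $LogFile) -Filter ((Split-Path $LogFile -Leaf) + '.*') |
    Where-Object { $_.LastWriteTime -lt $cutoff } | Remove-Item
```

The reported offline time is the detection gap for each rotation, so it is worth logging alongside the archive name.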




