[Snort-users] rotating logs?

Erek Adams erek at ...577...
Mon Sep 23 11:26:02 EDT 2002


On Mon, 23 Sep 2002, /dev/null wrote:

> We'd like to have our binary snort log rotate out every 24 hours without
> interrupting snort.  This way we can store a month (or more) of network
> activity to post-analyze activity if we see something suspicious and
> want to back-track.
>
> What would be an easy way to copy the current log out and re-start it
> without losing any data?

Send Snort a SIGHUP.  Snort will drop restart and close all open files.  Once
it closes the binary file, have a script move the old log to another name or
location.

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
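
The rotation described in the reply above, as an added example that is not part of the original thread and is not Snort project code. Assumptions: Snort writes binary logs named snort.log.<timestamp>, opens a new file after the SIGHUP restart, and records its PID in a file; every path and the SETTLE variable are placeholders.

```shell
#!/bin/sh
# Added example. Assumed layout: LOGDIR holds snort.log.<timestamp> files,
# PIDFILE holds the PID of the running Snort. Paths are placeholders.

SETTLE=${SETTLE:-5}   # seconds to let Snort close the old file after SIGHUP

# rotate_snort_logs PIDFILE LOGDIR ARCHIVEDIR
# Prints the number of files archived; returns non-zero on failure.
rotate_snort_logs() {
    pidfile=$1; logdir=$2; archive=$3; moved=0

    [ -r "$pidfile" ] || { echo "cannot read $pidfile" >&2; return 1; }
    pid=$(cat "$pidfile")
    case $pid in ''|*[!0-9]*) echo "bad pid in $pidfile" >&2; return 1;; esac
    mkdir -p "$archive" || return 1

    # Snapshot the logs that exist now: only these are rotation candidates,
    # so the file Snort opens after the restart is never touched.
    set -- "$logdir"/snort.log.*
    [ -e "$1" ] || set --

    kill -HUP "$pid" 2>/dev/null || { echo "SIGHUP to $pid failed" >&2; return 1; }
    sleep "$SETTLE"

    for f in "$@"; do
        # Skip anything still held open (needs fuser; otherwise trust SETTLE).
        if command -v fuser >/dev/null 2>&1 && fuser -s "$f" 2>/dev/null; then
            echo "still open, left in place: $f" >&2
            continue
        fi
        mv -- "$f" "$archive"/ && moved=$((moved + 1))
    done
    echo "$moved"
}

# Direct use, e.g. from a daily cron job (placeholder paths):
#   rotate.sh /var/run/snort.pid /var/log/snort /var/log/snort/archive
if [ "$#" -eq 3 ]; then rotate_snort_logs "$@"; fi
```

A file that is skipped because it is still open stays in the log directory and is picked up by the next run.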




