[Snort-users] Log Rotation

Stephane Nasdrovisky stephane.nasdrovisky at ...4735...
Fri Dec 5 04:14:03 EST 2003


I don't think snort understands kill -HUP as you expect it to (reload your config, close/reopen log files). Instead, it kills snort. You'd better use something like
postrotate
                /sbin/killall snort
                /usr/local/bin/snort -your usual arguments- (or maybe /etc/rc.d/init.d/snort start)
endscript
or
postrotate
                /etc/rc.d/init.d/snort restart
endscript

----- Original Message -----
From: "Keaton, Lindamaria" <LKeaton at ...10093...>

> Hello everyone. I'm trying to configure snort to rotate logs into a

I think you're trying to configure logrotate to rotate snort logs.

> /var/log/snort/alert {
>        compress
>        size=1k
>        olddir /var/log/snort-backups
>        mail networkadmin at ...10093...
>        postrotate
>                /sbin/killall -HUP snort
>        endscript
> }
> 
> I have to reboot the server every morning to get snort running again. 

It seems you're NT-minded; maybe you should try this :-)
        postrotate
                reboot
        endscript


> Does anyone have any ideas on how I can configure this to work?
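
Added example, not part of the original message or of Snort: a helper a postrotate script could call in place of a bare restart, so that a sensor that failed to come back after rotation is reported immediately instead of being found the next morning. The function names, the pidfile argument and the timeout are assumptions; the restart command is whatever the caller passes in.

```shell
#!/bin/sh
# Added example (not from the thread): verify the sensor is running again
# after the postrotate restart.
# Assumptions: the sensor writes its PID to a pidfile; the caller supplies the
# pidfile path and the restart command. Function names are hypothetical.
# Typical call from postrotate (pidfile path is a placeholder):
#   restart_and_verify /path/to/snort.pid 10 /etc/rc.d/init.d/snort restart

# sensor_state PIDFILE -> prints "running", "stale" or "missing"
sensor_state() {
    pidfile=$1
    if [ ! -r "$pidfile" ]; then
        echo missing
        return 0
    fi
    # Keep digits only, so a corrupted pidfile cannot feed odd input to kill.
    pid=$(tr -cd '0-9' < "$pidfile")
    if [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; then
        echo running    # signal 0 only tests that the process exists
    else
        echo stale      # pidfile left behind by a process that is gone
    fi
    return 0
}

# restart_and_verify PIDFILE TIMEOUT_SECONDS RESTART_COMMAND...
# Returns 0 once the sensor is running, 1 if it is not up within the timeout.
restart_and_verify() {
    pidfile=$1
    timeout=$2
    shift 2
    "$@" || echo "restart command exited non-zero" >&2
    waited=0
    while :; do
        if [ "$(sensor_state "$pidfile")" = running ]; then
            return 0
        fi
        [ "$waited" -lt "$timeout" ] || break
        sleep 1
        waited=$((waited + 1))
    done
    echo "sensor not running after log rotation (pidfile: $pidfile)" >&2
    return 1
}
```

Because logrotate runs postrotate as root, the `kill -0` probe can see the sensor's process regardless of which user it runs as.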





