[Snort-users] Snort Logs

Demetri Mouratis dmourati at ...3877...
Wed Sep 17 15:00:16 EDT 2003


On Wed, 17 Sep 2003, Keaton, Lindamaria wrote:

> How will a new file generate? How I see this, it will kill snort but not
> restart it. Will I then have to reboot the system, in order for a new
> alert file to generate? Is that correct, or am I completely wrong?
>
> This is what I'm trying to accomplish. I want the alert file to either
> compress and move to a different directory, but then start a new alert
> file without killing snort. Is there a way to do this?
>

No.  You have to at least HUP snort to make it let go of the file handle
for /var/log/snort/alert.1 after you call logrotate.
---------------------------------------------------------------------
Demetri Mouratis
dmourati at ...3878...
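
The behaviour described in the reply above, as an added example that is not part of the original post: a rename leaves a running process writing to the rotated file until it is signalled to reopen its log. The shell here stands in for the daemon; the `reopen_log` handler, the temporary paths and the variable names are assumptions made for the demo.

```shell
#!/bin/sh
# Added illustration: this shell stands in for a daemon that keeps its alert
# log open. It is not Snort or logrotate; all paths are constructed.

reopen_log() { exec 3>>"$log"; }     # hypothetical HUP handler: reopen by name

rotate_demo() {
    dir=$(mktemp -d) || return 1
    log="$dir/alert"

    exec 3>>"$log"                   # "daemon" opens its log once at startup
    trap reopen_log HUP
    echo "alert 1" >&3

    mv "$log" "$log.1"               # rotation step: a rename, nothing more
    echo "alert 2" >&3               # fd 3 still refers to the renamed file

    if [ -e "$log" ]; then new_before_hup=yes; else new_before_hup=no; fi
    lines_in_rotated=$(wc -l < "$log.1" | tr -d ' ')

    # Send a real SIGHUP to the process running this function ($PPID as seen
    # by the child). The trap runs once the child has exited.
    sh -c 'kill -HUP "$PPID"'
    # If SIGHUP was ignored when this shell started (e.g. under nohup), the
    # trap cannot fire, so call the handler directly.
    [ -e "$log" ] || reopen_log
    echo "alert 3" >&3               # lands in the freshly created file

    lines_in_new=$(wc -l < "$log" | tr -d ' ')
    lines_in_rotated_after=$(wc -l < "$log.1" | tr -d ' ')

    exec 3>&-
    trap - HUP
    rm -rf "$dir"
}

rotate_demo
echo "new alert file before HUP: $new_before_hup"
echo "lines in alert.1 before/after HUP: $lines_in_rotated/$lines_in_rotated_after"
echo "lines in new alert file after HUP: $lines_in_new"
```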




