Subject: Re: [snort] Closing -b log file
From: Andrew R. Baker (andrewb uab.edu)
Date: Tue Mar 07 2000 - 10:11:37 CST
- Next message: Jed Pickel: "Re: [snort] Re: [anno] php snort statistics web page script"
- Previous message: Stuart Staniford-Chen: "[snort] Rapidnet sig error?"
- In reply to: Martin Roesch: "Re: [snort] Closing -b log file"
- Next in thread: Martin Roesch: "Re: [snort] Closing -b log file"
- Reply: Andrew R. Baker: "Re: [snort] Closing -b log file"
- Reply: Martin Roesch: "Re: [snort] Closing -b log file"
This will teach me to be more explicit. What I really want is a way to
tell snort to close the current log and open a new one. Then I can have
this done once a day when I rotate the alert logs, so I have a matched
set.
On Mon, 6 Mar 2000, Martin Roesch wrote:
> Which version are you using? I believe that we're flushing it in 1.5.2+
> as well as the 1.6-beta series. Check out the LogBin() function in
> log.c for confirmation. You should see an fflush() call in there....
>
> "Andrew R. Baker" wrote:
> >
> > Is there a way to have snort close the tcpdump style log file (generated
> > from the -b option) without just killing and restarting?