From: Eric Garnel (egarnel3470yahoo.com)
Date: Fri May 03 2002 - 11:21:14 CDT

    Sorry, I can't be of much help, but would like to know how you solve
    it, as I too am experiencing the same problem.
    --- Rob Hughes <robrobhughes.com> wrote:
    > Ok... I admit it... I'm not bright enough to figure this out. Since
    > snort now logs in tcpdump format with the datetime-snort.log or
    > snort-datetime.log (depending on whether you specify tcpdump format
    > from the command line or from the snort.conf file) format, I can't find
    > a log rotation daemon that supports regex for file names, so, I'm trying
    > to write a script to do it. However, I can't figure out how to get the
    > bloody thing to work reliably. I'm hoping that someone on here with more
    > experience scripting (most of you) can either point me somewhere I can
    > look at an example, or already has a script that does this. Otherwise,
    > the only choice I can see is just turning off the binary logging, which
    > I'd really rather not do, but I also don't want my var slice filling up
    > any more, which seems to happen every time I go out of town.
    >
    > What would be even nicer, IMO, would be to make adding the date and time
    > an option, rather than hard coding it into log.c. I still fail to see
    > the value in doing this, since I (although I realize others don't) bzip
    > the log with the date and time the log was archived. Or at least I used
    > to.
    >
    > _______________________________________________________________
    >
    > Have big pipes? SourceForge.net is looking for download mirrors. We
    > supply
    > the hardware. You get the recognition. Email Us:
    > bandwidthsourceforge.net
    > _______________________________________________
    > Snort-users mailing list
    > Snort-userslists.sourceforge.net
    > Go to this URL to change user options or unsubscribe:
    > https://lists.sourceforge.net/lists/listinfo/snort-users
    > Snort-users list archive:
    > http://www.geocrawler.com/redir-sf.php3?list=snort-users

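One way to script the rotation asked about in this thread, added here as an example; it is not code from either poster or from the Snort project. It assumes the two name patterns mentioned in the post (`*-snort.log` and `snort-*.log`), that the most recently modified log is the one Snort is still writing, and gzip rather than bzip; the function name `rotate_snort_logs` and the 14-day default are hypothetical.

```shell
#!/bin/sh
# Added example: rotate Snort tcpdump-format logs whose names carry a timestamp.
# Usage (from cron, path is an assumption): rotate_snort_logs /var/log/snort 14

rotate_snort_logs() {
    log_dir=$1
    keep_days=${2:-14}   # assumed retention for compressed archives

    [ -d "$log_dir" ] || { echo "no such directory: $log_dir" >&2; return 1; }

    # Pass 1: find the most recently modified log. Snort is assumed to still
    # hold it open, so it must not be compressed or removed.
    newest=
    for f in "$log_dir"/*-snort.log "$log_dir"/snort-*.log; do
        [ -f "$f" ] || continue      # an unmatched glob stays literal; skip it
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
            newest=$f
        fi
    done

    # Pass 2: compress every closed log. gzip keeps the original mtime on the
    # archive, so archive age reflects the last write to the capture.
    rotated=0
    for f in "$log_dir"/*-snort.log "$log_dir"/snort-*.log; do
        [ -f "$f" ] || continue
        [ "$f" = "$newest" ] && continue
        gzip -f -- "$f" && rotated=$((rotated + 1))
    done

    # Pass 3: delete archives older than the retention period so the
    # partition holding the logs cannot fill up.
    find "$log_dir" -maxdepth 1 -type f \
        \( -name '*-snort.log.gz' -o -name 'snort-*.log.gz' \) \
        -mtime +"$keep_days" -exec rm -f -- {} +

    echo "$rotated"   # number of logs compressed in this run
}
```

Files that match neither pattern (alert files, for example) are left alone.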