From: Tim Prendergast (tprendergastReserveAmerica.com)
Date: Thu May 23 2002 - 19:14:20 CDT


    You may be able to get around it by having the logfile issue a stop command
    to snort, mv, then start snort again. Would take a couple of seconds, but
    you could achieve what you want. Chances of someone timing a good attack
    based on your log rotation would be rough. :)

    -Tim

    ----- Original Message -----
    From: "Glenn Larsson" <ichininswipnet.se>
    To: "Tim Prendergast" <tprendergastReserveAmerica.com>
    Cc: <snort-userslists.sourceforge.net>
    Sent: Saturday, June 01, 2002 3:21 AM
    Subject: Re: [Snort-users] 2 more questions:

    > Hi Tim.
    >
    > Problem remains; under Wintel, logfiles are locked exclusively
    > by the process so any scripting will fail.
    >
    > I'm going to try to get MySQL up and running, so I hope that
    > solves my problem (i.e. delete records older than YYYYMMDD).
    >
    > Thanks,
    > Glenn
    >
    > Tim Prendergast wrote:
    > > In regards to Q2, a good log rotation script could do that for you. There's
    > > a billion of them out there, so just search around for log rotation scripts.
    > >
    > > Regards,
    > > Tim Prendergast
    > >
    > > ----- Original Message -----
    > > > <I wrote "yada yada yada".>
    >
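
The stop, move, start sequence suggested in the reply above, written for the Windows case where the running process holds the log file locked. This is an added example, not part of the original thread; the service name `snort`, the log path `C:\Snort\log\alert.ids` and the 14-day retention are assumptions.

```powershell
# Added example: stop/rename/start rotation for a Snort alert log on Windows.
# Assumptions (not from the thread): Snort runs as a Windows service named
# 'snort', logs to C:\Snort\log\alert.ids, and 14 days of history are kept.
param(
    [string]$ServiceName = 'snort',
    [string]$LogDir      = 'C:\Snort\log',
    [string]$LogName     = 'alert.ids',
    [int]$KeepDays       = 14
)

$ErrorActionPreference = 'Stop'
$active  = Join-Path $LogDir $LogName
$stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
$rotated = Join-Path $LogDir "$LogName.$stamp"

$svc = Get-Service -Name $ServiceName
$wasRunning = $svc.Status -eq 'Running'

try {
    if ($wasRunning) {
        Stop-Service -Name $ServiceName
        # Wait until the process has exited and released its exclusive lock.
        $svc.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(30))
    }
    if (Test-Path $active) {
        # The rename only succeeds once no process holds the file open.
        Move-Item -Path $active -Destination $rotated
    }
}
finally {
    # Restart even if the rename failed, so the gap in coverage stays short.
    if ($wasRunning) {
        Start-Service -Name $ServiceName
        $svc.WaitForStatus('Running', [TimeSpan]::FromSeconds(30))
    }
}

# Prune rotated files older than the retention window. The -like pattern
# requires the timestamp suffix, so the active log is never selected.
$cutoff = (Get-Date).AddDays(-$KeepDays)
Get-ChildItem -Path $LogDir -File |
    Where-Object { $_.Name -like "$LogName.*" -and $_.LastWriteTime -lt $cutoff } |
    Remove-Item
```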
