Snort mailing list archives

Re: Rotating '-b' logs without stopping snort? (0% data loss...)


From: snort-users () work mumble org uk
Date: Tue, 24 Jul 2001 11:34:39 +0100

On Tue, Jul 24, 2001 at 05:01:47AM -0400, Dave Cinege wrote:

How can I resolve this? If I need to do some recoding of snort I can, though
KISS is best. (I was thinking maybe sending a signal to the
process to pause file writing and buffer until getting another signal
to resume writing)

I've looked at this as well (albeit in not great depth). Have you
considered using netpipes (fifo over tcp type thing)? Dunno how well this
would work; simple case, try:

pig$ mkfifo /tmp/snort
pig$ snort -b /tmp/snort
pig$ cat /tmp/snort | ssh -e none remote.host cat \>/var/log/snort/machine1

i'll get me coat..

-- 
Ben Hughes, <ben.hughes [at] uk.easynet.net
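
The FIFO idea above moves rotation out of snort and into whatever reads the pipe. The following is an added example, not part of the original post or of Snort: a reader that splits the stream at packet boundaries and repeats the file header in each output, so no packet is lost or cut in half. It assumes the FIFO carries a classic libpcap (tcpdump) stream with microsecond timestamps; the function names are hypothetical.

```python
import struct

PCAP_GLOBAL_HDR_LEN = 24   # magic, version, thiszone, sigfigs, snaplen, linktype
PCAP_RECORD_HDR_LEN = 16   # ts_sec, ts_usec, incl_len, orig_len
# Classic microsecond-resolution magic only (assumption), in either byte order.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}


def read_exact(stream, n):
    """Read exactly n bytes; return fewer only at end of stream."""
    buf = b""
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def rotate_pcap_stream(stream, open_output, max_packets):
    """Copy a pcap stream into successive outputs, max_packets per output.

    open_output(index) returns a writable binary file object. Returns the
    number of complete packets written; a truncated final record is dropped.
    """
    global_hdr = read_exact(stream, PCAP_GLOBAL_HDR_LEN)
    if len(global_hdr) < PCAP_GLOBAL_HDR_LEN or global_hdr[:4] not in MAGICS:
        raise ValueError("not a pcap stream")
    endian = MAGICS[global_hdr[:4]]
    total, out = 0, None
    while True:
        rec_hdr = read_exact(stream, PCAP_RECORD_HDR_LEN)
        if len(rec_hdr) < PCAP_RECORD_HDR_LEN:
            break
        incl_len = struct.unpack(endian + "IIII", rec_hdr)[2]
        data = read_exact(stream, incl_len)
        if len(data) < incl_len:
            break
        if total % max_packets == 0:      # rotate only on a packet boundary
            if out:
                out.close()
            out = open_output(total // max_packets)
            out.write(global_hdr)         # every file needs its own header
        out.write(rec_hdr + data)
        total += 1
    if out:
        out.close()
    return total
```

Pass it the FIFO opened with `open("/tmp/snort", "rb")` and a callback that opens the next numbered output file; each resulting file is then readable on its own by any pcap tool.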
