Re: Help with tcpdump log rotation

["Anton A. Chuvakin" <anton () chuvakin org>]

> Ok... I admit it... I'm not bright enough to figure this out. Since
> snort now logs in tcpdump format with the date () time-snort log  or
> snort-date () time log (depending on whether you specify tcpdump format
> from the command line or from the snort.conf file) format, I can't find
> a log rotation daemon that supports regex for file names, so, I'm trying
> to write a script to do it. However, I can't figure out how to get the
> bloody thing to work reliably. I'm hoping that someone on here with more
> experience scripting (most of you) can either point me somewhere I can
This is mine - just move the whole dir. I hope it does what you want:

-------------------------------------
#!/bin/bash
SDIR=/var/log/snort
ADIR=/opt/daily_logs
DATE=`date +%b_%d_%Y`

/etc/rc.d/init.d/snortd stop

        mkdir $ADIR/$DATE
        /bin/cp -r $SDIR/*  $ADIR/$DATE
        /bin/rm -r $SDIR
        /bin/mkdir $SDIR

/etc/rc.d/init.d/snortd start
----------------------------

Best,
-- 
     Anton A. Chuvakin, Ph.D.
     http://www.chuvakin.org
   http://www.info-secure.org


_______________________________________________________________

Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: bandwidth () sourceforge net
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users