[Oisf-users] Suricata's http-log
Victor Julien
victor at inliniac.net
Thu Mar 29 14:14:41 UTC 2012
On 03/29/2012 02:54 PM, Peter Bates wrote:
>
> Hello all
>
> Suricata's inbuilt 'http log' is quite useful for adding context
> to alerts and reducing the need for running additional software.
>
> As far as I can see, this file just grows and grows until restart.
>
> Would it be possible to add one of the following:
>
> 1) Allowing the rotation of the file on SIGHUP
> 2) Creating a new file when the current one is moved away (as per Argus)
> 3) Adding a filesize option to auto-rotate when a limit is reached
>
> I'm trying to avoid just using logrotate to move the file and then
> restarting Suricata to pick up the change - if at all possible.
>
You can use the trick described here:
https://redmine.openinfosecfoundation.org/issues/265#note-4
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------