[Oisf-devel] http.log file rollover
Victor Julien
victor at inliniac.net
Wed Sep 7 06:34:33 EDT 2011
On 09/05/2011 04:04 PM, Brant Wells wrote:
> Hi All,
>
> Just a slight problem that I have noticed that when I logrotate the http.log
> file for Suricata, when the system creates the new file, Suricata no longer
> writes to the new, empty http.log file until I restart it.
>
> After forcing a logrotate, Suricata (or logrotate) didn't even create the
> empty http.log file. Suricata continues to run normally, just without
> updating that log file.
>
> Not sure if this is a bug or what-not, but figured I should pass it along
> anyhow.

I've seen this before in another project. It seems Suricata keeps
writing to the old file descriptor while the file is actually at a new
place (a new file was created by the rotate). I think most programs work
around this by sending a signal which reopens the file. Not sure if a
better solution exists.

> Running from git: Suricata 1.1beta2 (rev 8855990) ...
>
> On another unrelated topic... I have compiled with --enable-debug ...
>
> If suricata crashes or what-not, where can I find the core dump?

You'll have to set a ulimit: ulimit -c unlimited and then it will dump
core to suricata's CWD, which is the dir you started it from normally.
Still need to add that to the code/config to configure.

Cheers,
Victor
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
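
The behaviour discussed in this message (writes following the old file descriptor after a rotate, and a signal-triggered reopen), shown as an added C example that is not part of the original message and is not Suricata code. All function names and file paths are made up for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <sys/stat.h>

static volatile sig_atomic_t reopen_flag = 0;  /* set by the signal handler */
static FILE *logfp = NULL;

static void on_hup(int sig) { (void)sig; reopen_flag = 1; }

/* Append one line; reopen the path first if a rotation was signalled. */
static int log_line(const char *path, const char *msg) {
    if (reopen_flag || logfp == NULL) {
        if (logfp) fclose(logfp);
        logfp = fopen(path, "a");
        reopen_flag = 0;
        if (logfp == NULL) return -1;
    }
    if (fprintf(logfp, "%s\n", msg) < 0) return -1;
    return fflush(logfp) == 0 ? 0 : -1;
}

static long file_size(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1;
}

/* Returns 0 when both behaviours are observed:
 * stale: after the rename, the write lands in the rotated file and
 *        nothing exists at the original path;
 * fresh: after SIGHUP, the next write creates and fills the original path. */
int rotate_demo(const char *path, const char *rotated) {
    if (logfp) { fclose(logfp); logfp = NULL; }
    reopen_flag = 0;
    remove(path);
    remove(rotated);
    signal(SIGHUP, on_hup);
    if (log_line(path, "GET /a") != 0) return -1;    /* 7 bytes */
    if (rename(path, rotated) != 0) return -1;       /* the rotate step */
    if (log_line(path, "GET /b") != 0) return -1;    /* old descriptor */
    int stale = file_size(path) == -1 && file_size(rotated) == 14;
    raise(SIGHUP);                                   /* postrotate-style signal */
    if (log_line(path, "GET /c") != 0) return -1;
    int fresh = file_size(path) == 7 && file_size(rotated) == 14;
    return (stale && fresh) ? 0 : 1;
}

int main(void) {
    int rc = rotate_demo("http.log.demo", "http.log.demo.1");
    printf("rotate_demo: %s\n", rc == 0 ? "ok" : "unexpected");
    return rc;
}
```

The handler only sets a flag; the reopen happens in the writer on its next call, which keeps the handler async-signal-safe.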