[Oisf-users] Suricata's http-log
Peter Bates
peter.bates at ucl.ac.uk
Thu Mar 29 12:54:15 UTC 2012
Hello all
Suricata's inbuilt 'http log' is quite useful for adding context to
alerts and reducing the need for running additional software.
As far as I can see, this file just grows and grows until restart.
Would it be possible to add one of the following:
1) Allowing the rotation of the file on SIGHUP
2) Creating a new file when the current one is moved away (as per Argus)
3) Adding a filesize option to auto-rotate when a limit is reached
I'm trying to avoid just using logrotate to move the file and then
restarting Suricata to pick up the change - if at all possible.
-- 
Peter Bates
Senior Computer Security Officer Phone: +44(0)2076792049
Information Services Division Internal Ext: 32049
University College London
London WC1E 6BT