[Oisf-users] Suricata's http-log

Peter Bates peter.bates at ucl.ac.uk
Thu Mar 29 12:54:15 UTC 2012



Hello all

Suricata's inbuilt 'http log' is quite useful for adding context to
alerts and reducing the need for running additional software.

As far as I can see, this file just grows and grows until restart.

Would it be possible to add one of the following:

1) Allowing the rotation of the file on SIGHUP
2) Creating a new file when the current one is moved away (as per Argus)
3) Adding a filesize option to auto-rotate when a limit is reached

I'm trying to avoid just using logrotate to move the file and then
restarting Suricata to pick up the change - if at all possible.

-- 
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division	    Internal Ext: 32049
University College London
London WC1E 6BT