[Oisf-users] Suricata's http-log

Martin Holste mcholste at gmail.com
Thu Mar 29 13:46:07 UTC 2012


One other thing that would be nice and would be easier: can it log to
the syslog facility?  Then you could have your system's syslog handle
rotation, etc.

On Thu, Mar 29, 2012 at 7:54 AM, Peter Bates <peter.bates at ucl.ac.uk> wrote:
>
> Hello all
>
> Suricata's inbuilt 'http log' is quite useful for adding context to
> alerts and reducing the need for running additional software.
>
> As far as I can see, this file just grows and grows until restart.
>
> Would it be possible to add one of the following:
>
> 1) Allowing the rotation of the file on SIGHUP
> 2) Creating a new file when the current one is moved away (as per Argus)
> 3) Adding a filesize option to auto-rotate when a limit is reached
>
> I'm trying to avoid just using logrotate to move the file and then
> restarting Suricata to pick up the change - if at all possible.
>
> --
> Peter Bates
> Senior Computer Security Officer    Phone: +44(0)2076792049
> Information Services Division       Internal Ext: 32049
> University College London
> London WC1E 6BT
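
Options 1 and 2 from the quoted list, as an added example that is not part of either message and is not Suricata code: a log writer that reopens its file on SIGHUP or when the path has been moved away. The class `ReopeningLog`, its `watch_inode` parameter and the sample paths are hypothetical names chosen for illustration.

```python
import os
import signal
import tempfile


class ReopeningLog:
    """Append-only writer that copes with external rotation (hypothetical helper)."""

    def __init__(self, path, watch_inode=True):
        self.path, self.watch_inode = path, watch_inode
        self.reopen_requested = False
        self.reopens = 0
        self._open()

    def _open(self):
        # O_APPEND keeps every write at end-of-file; 0o640 keeps the log non-world-readable.
        fd = os.open(self.path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o640)
        st = os.fstat(fd)
        self.ident = (st.st_dev, st.st_ino)
        self.fh = os.fdopen(fd, "a", buffering=1)  # line-buffered

    def on_sighup(self, signum, frame):
        # Option 1: the handler only sets a flag; the reopen happens on the next write.
        self.reopen_requested = True

    def _moved_away(self):
        # Option 2: the path is gone or now names a different file than the open descriptor.
        try:
            st = os.stat(self.path)
        except FileNotFoundError:
            return True
        return (st.st_dev, st.st_ino) != self.ident

    def write(self, line):
        if self.reopen_requested or (self.watch_inode and self._moved_away()):
            self.fh.close()
            self._open()
            self.reopen_requested = False
            self.reopens += 1
        self.fh.write(line + "\n")


if __name__ == "__main__":
    path = os.path.join(tempfile.mkdtemp(), "http.log")  # constructed sample path
    log = ReopeningLog(path, watch_inode=False)
    signal.signal(signal.SIGHUP, log.on_sighup)
    log.write("constructed entry 1")
    os.rename(path, path + ".1")          # what a rotation tool does
    log.write("constructed entry 2")      # still lands in http.log.1
    os.kill(os.getpid(), signal.SIGHUP)   # ask for the reopen
    log.write("constructed entry 3")      # lands in a fresh http.log
    print(open(path + ".1").read(), open(path).read(), sep="---\n")
```

With `watch_inode=False`, moving the file alone changes nothing for the writer, because the open descriptor follows the renamed file until the reopen is requested.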


