[Oisf-users] Suricata's http-log
Victor Julien
victor at inliniac.net
Thu Mar 29 14:17:22 UTC 2012
On 03/29/2012 03:46 PM, Martin Holste wrote:
> One other thing that would be nice and would be easier: can it log
> to the syslog facility? Then you could have your system's syslog
> handle rotation, etc.
>
> On Thu, Mar 29, 2012 at 7:54 AM, Peter Bates
> <peter.bates at ucl.ac.uk> wrote:
>
> Hello all
>
> Suricata's inbuilt 'http log' is quite useful for adding context
> to alerts and reducing the need for running additional software.
>
> As far as I can see, this file just grows and grows until restart.
>
> Would it be possible to add one of the following:
>
> 1) Allowing the rotation of the file on SIGHUP
> 2) Creating a new file when the current one is moved away (as per Argus)
> 3) Adding a filesize option to auto-rotate when a limit is reached
>
> I'm trying to avoid just using logrotate to move the file and then
> restarting Suricata to pick up the change - if at all possible.
Shouldn't be hard to do. The output API for those line based logs like
http.log, fast.log, etc already supports unix socket, and I think
adding syslog shouldn't be very hard. Might be a nice project for
someone that wants to get familiar with our code base and dev procedures.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
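The three rotation mechanisms Peter asks for, as an added illustration that is not Suricata's code: a minimal line-based log writer that reopens its file on SIGHUP, reopens when the file has been moved away (inode comparison, the Argus-style behaviour) and rotates when a byte limit would be exceeded. `RotatingLineLog`, `demo` and the sample log lines are constructed for this example.

```python
import os, signal, tempfile, threading

class RotatingLineLog:
    """Line-based log file with the three rotation strategies from the thread."""
    def __init__(self, path, max_bytes=None):
        self.path = path
        self.max_bytes = max_bytes
        self._reopen_requested = threading.Event()
        self._open()
        # Handlers can only be installed from the main thread; the handler only
        # sets a flag, the actual reopen happens on the next write().
        if threading.current_thread() is threading.main_thread():
            signal.signal(signal.SIGHUP, lambda *_: self.request_reopen())

    def request_reopen(self):
        self._reopen_requested.set()

    def _open(self):
        self._fh = open(self.path, "a", buffering=1)  # line buffered
        self._ino = os.fstat(self._fh.fileno()).st_ino

    def _moved_away(self):
        # Path no longer names the inode we hold open: it was moved or removed.
        try:
            return os.stat(self.path).st_ino != self._ino
        except FileNotFoundError:
            return True

    def write(self, line):
        data = (line + "\n").encode()
        if self._reopen_requested.is_set() or self._moved_away():
            self._reopen_requested.clear()
            self._fh.close()
            self._open()
        size = os.fstat(self._fh.fileno()).st_size
        if self.max_bytes and size + len(data) > self.max_bytes:
            self._fh.close()
            os.replace(self.path, self.path + ".1")  # keep one old generation
            self._open()
        self._fh.write(line + "\n")

def demo():
    """Exercise all three strategies in a temp dir; returns observed contents."""
    p = os.path.join(tempfile.mkdtemp(), "http.log")
    log = RotatingLineLog(p, max_bytes=40)
    log.write("GET /index.html")      # constructed sample line
    log.write("x" * 30)               # would exceed 40 bytes -> rotate first
    rotated = open(p + ".1").read()
    os.rename(p, p + ".moved")        # what logrotate would do
    log.write("after move")           # inode mismatch -> reopen at path
    log.request_reopen()              # same effect as receiving SIGHUP
    log.write("after hup")
    return rotated, open(p).read()
```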