Subject: Re: newsyslog and snort [1.6.2] i386
To: Mark Thomas <mark@theswamp.org>
From: Chris Pinnock <cjep@NetBSD.org>
List: netbsd-help
Date: 07/20/2004 10:53:18

On Tue, Jul 20, 2004 at 04:58:29AM -0400, Mark Thomas wrote:
> Has anyone been able to rotate their snort alert logs using newsyslog?
> I have tried several different combinations in the newsyslog.conf file
> without any luck. It will gzip and number the files, even create
> a new one but no alerts are logged into it. My last attempt was this;
> #/var/log/snort/alert snort:snort  600  7    *    24   Z  /var/run/snort_bge0.pid
>
> snort info -> snort-mysql-2.1.3 built from source in pkgsrc
>
> % /usr/pkg/bin/snort -V

Try the P option with Z. This will prevent the .0 file from being compressed
(useful if the snort process is still writing to the log whilst it is being
rotated and for a short while after it takes the signal - this is needed
with apache sometimes).
