Bug 126708 - snort &+ logrotate : kill -HUP of snort is needed
Summary: snort &+ logrotate : kill -HUP of snort is needed
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Netmon project
Reported: 2006-03-18 12:35 UTC by Toralf Förster
Modified: 2006-12-04 13:55 UTC
Attachments
logrotae.d - snort file (snort,126 bytes, text/plain)
2006-11-27 02:12 UTC, Toralf Förster

Description Toralf Förster gentoo-dev 2006-03-18 12:35:10 UTC
after rotating the log to prevent these timestamps:

n22 ~ # ls -lt /var/log/snort/alert*
-rw-------  1 snort snort 12697 Mar 18 19:38 /var/log/snort/alert.1
-rw-------  1 snort snort     0 Mar 17 21:20 /var/log/snort/alert
-rw-------  1 snort snort  2229 Mar 16 21:23 /var/log/snort/alert.2
-rw-------  1 snort snort  3189 Mar 15 19:27 /var/log/snort/alert.3
-rw-------  1 snort snort  4622 Mar 14 19:35 /var/log/snort/alert.5
-rw-------  1 snort snort     0 Mar 13 19:40 /var/log/snort/alert.4
-rw-------  1 snort snort  1298 Mar 12 16:00 /var/log/snort/alert.7

Realized this while analysing a non-working cron job for snortalog (the timestamps were tested to decide whether new entries have arrived or not)
Comment 1 Toralf Förster gentoo-dev 2006-03-18 12:38:50 UTC
or better, add a similar line to the logrotate file:

 postrotate
        /bin/kill -HUP `cat /var/run/snort*.pid`
 endscript
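
Added example, not part of the bug report or of any Gentoo package: a small shell model of why the listing above shows a 0-byte `alert` next to a newer, growing `alert.1`. A writer that keeps its descriptor open across a rename-style rotation keeps writing to the renamed file until it reopens the log by name; the reopen here stands in, as an assumption, for what the HUP is meant to trigger, and the file names and messages are constructed.

```shell
#!/bin/sh
# Constructed demo: file descriptor 3 plays the role of the daemon's open log.

size() { wc -c < "$1" | tr -d ' '; }

# rotate_demo DIR reopen|noreopen
# Prints "<bytes in alert.1> <bytes in alert>" after one rotation.
rotate_demo() {
    dir=$1
    mode=$2
    rm -f "$dir/alert" "$dir/alert.1"

    exec 3>>"$dir/alert"               # daemon opens its log once at start-up
    echo "alert before rotation" >&3

    mv "$dir/alert" "$dir/alert.1"     # rotation renames the file...
    : > "$dir/alert"                   # ...and creates a fresh, empty one

    if [ "$mode" = reopen ]; then      # effect of signalling the daemon
        exec 3>&-
        exec 3>>"$dir/alert"           # reopen by name: new inode
    fi

    echo "alert after rotation" >&3    # without reopen this lands in alert.1
    exec 3>&-

    echo "$(size "$dir/alert.1") $(size "$dir/alert")"
}

tmp=$(mktemp -d)
echo "without reopen: $(rotate_demo "$tmp" noreopen)"
echo "with reopen:    $(rotate_demo "$tmp" reopen)"
rm -rf "$tmp"
```

Any job that decides "new alerts arrived" from the timestamp or size of `alert` sees nothing in the first case, which is the monitoring gap the report describes.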
Comment 2 Markus Ullmann (RETIRED) gentoo-dev 2006-10-08 14:27:02 UTC
Hrm I somehow fail to find this file, which package does install that?
Comment 3 Toralf Förster gentoo-dev 2006-10-09 06:52:01 UTC
snortalog IIRC (in the meantime I unmerged that package, b/c BASE is better)
Comment 4 Cédric Krier gentoo-dev 2006-11-25 09:53:27 UTC
Which package does the logrotate file come from?
Comment 5 Toralf Förster gentoo-dev 2006-11-25 10:17:42 UTC
tfoerste@n22 ~ $ equery --nocolor --quiet belongs /etc/logrotate.d/.keep
app-admin/logrotate-3.7.1-r2 (/etc/logrotate.d/.keep)
Comment 6 Cédric Krier gentoo-dev 2006-11-26 04:50:56 UTC
(In reply to comment #5)
> tfoerste@n22 ~ $ equery --nocolor --quiet belongs /etc/logrotate.d/.keep
> app-admin/logrotate-3.7.1-r2 (/etc/logrotate.d/.keep)
> 

I was talking about the logrotate file that rotates the snort logs
Comment 7 Toralf Förster gentoo-dev 2006-11-26 11:53:12 UTC
(In reply to comment #6)
> (In reply to comment #5)
> > tfoerste@n22 ~ $ equery --nocolor --quiet belongs /etc/logrotate.d/.keep
> > app-admin/logrotate-3.7.1-r2 (/etc/logrotate.d/.keep)
> > 
> 
> I was talking about the logrotate file that rotates the snort logs
> 
As stated in https://bugs.gentoo.org/show_bug.cgi?id=126708#c3 it could come from net-analyzer/snortalog-2.4.0
Comment 8 Cédric Krier gentoo-dev 2006-11-26 12:16:52 UTC
I don't understand. If net-analyzer/snortalog doesn't provide the logrotate file, it is not a bug.
You can create an attachment with the logrotate file if you want it to be put in the snort ebuild
Comment 9 Toralf Förster gentoo-dev 2006-11-27 02:12:01 UTC
Created attachment 102831
logrotae.d - snort file

I use this file.
Comment 10 Cédric Krier gentoo-dev 2006-12-04 13:55:59 UTC
As it is not a file that is provided by portage, there is no fix to do