7. Log file rotation

7. Log file rotation
Prev	Chapter 3. General usage notes	Next

7. Log file rotation

samhain locks the logfile using a lock file. This lock file has the same path as the log file, with .lock appended. After sending SIGTTIN or SIGABRT to the samhain daemon, it will first finish its current tast (this may take some time), then unlock the log file (i.e. remove the logfile.lock file), wait three seconds, then proceed. Thus, to rotate the log file, you should use something like the following script:

	#! /bin/sh 

	if test -f /usr/local/var/run/samhain.pid; then \
	  PIN=`cat /usr/local/var/run/samhain.pid`; \
	  /bin/kill -TTIN $PIN; \
	  sleep 1; \
	  AA=0; \
	  while test "x$AA" != "x120"; do \
	    AA=$(( AA + 1 )); \
	    if test -f /usr/local/var/log/samhain_log.lock; then \
	      sleep 1; \
	    else \
	      break; \
	    fi \
	  done; \
	fi 
	mv /usr/local/var/log/samhain_log /usr/local/var/log/oldlog

If you use the 'logrotate' tool, you could use the following (untested):

	/usr/local/var/log/samhain_log { 
	weekly 
	rotate 52 
	nocreate
	missingok 
	compress 
	prerotate 
	if test -f /usr/local/var/run/samhain.pid; then \
	  PIN=`cat /usr/local/var/run/samhain.pid`; \
	  /bin/kill -TTIN $PIN; \
	  sleep 1; \
	  AA=0; \ 
	  while test "x$AA" != "x120"; do \
	    AA=$(( AA + 1 )); \
	    if test -f /usr/local/var/log/samhain_log.lock; then \
	      sleep 1; \
	    else \
	      break; \
	    fi \
	  done; \
	fi 
	endscript
        }

Prev	Up	Next
6. Wait on file check	Home	8. Updating the file signature database