store the length of file in a temporary file, and then use
that as the offset to seek into the file next time. If it
doesn't put you back at the end of the file, then read all
the new entries... then store the new length for the next
check.
Just make sure you check the return from the seek, as the
log file may have been rotated between runs... in that case
just read from the begining. | [reply] |
What don't you like about grep's solutions? His two points are completely valid. Is there something else that you are looking for?
metadoktor
"The doktor is in." | [reply] |
Well, my only concern is this. Let's say the snort log file gets to be 25 megs in size, it dups it. Thus, 50 meg's of HD space. That's my only concern. I do agree that that method works, I'm just wondering if there is another one that doesnt tie up as many system resources and the such.
| [reply] |