samhain locks the logfile using a lock file.
This lock file has the same path as the log file, with
.lock appended.
After sending SIGABRT to the samhain daemon,
it will first finish its
current tast (this may take some time), then unlock the log file
(i.e. remove the logfile.lock file),
wait three seconds, then proceed. Thus, to
rotate the log file, you should use something like the
following script:
#! /bin/sh
if test -f /usr/local/var/run/samhain.pid; then \
PIN=`cat /usr/local/var/run/samhain.pid`; \
/bin/kill -ABRT $PIN; \
sleep 1; \
AA=0; \
while test "x$AA" != "x120"; do \
let "AA = $AA + 1"; \
if test -f /usr/local/var/log/samhain_log.lock; then \
sleep 1; \
else \
break; \
fi \
done; \
fi
mv /usr/local/var/log/samhain_log /usr/local/var/log/oldlog |
If you use the 'logrotate' tool, you could use the following (untested):
/usr/local/var/log/samhain_log {
size 100k
nocreate
compress
mail root@localhost
maillast
prerotate
if test -f /usr/local/var/run/samhain.pid; then \
PIN=`cat /usr/local/var/run/samhain.pid`; \
/bin/kill -ABRT $PIN; \
sleep 1; \
AA=0; \
while test "x$AA" != "x120"; do \
let "AA = $AA + 1"; \
if test -f /usr/local/var/log/samhain_log.lock; then \
sleep 1; \
else \
break; \
fi \
done; \
fi
endscript
} |