3.6. Log file rotation

samhain locks the log file using a lock file. This lock file has the same path as the log file, with .lock appended. When the samhain daemon receives SIGTTIN or SIGABRT, it will first finish its current task (this may take some time), then unlock the log file (i.e. remove the logfile.lock file), wait three seconds, then proceed. Thus, to rotate the log file, you should use something like the following script:

#! /bin/sh

# Ask samhain (if it is running) to release the log file.
if test -f /usr/local/var/run/samhain.pid; then
    PIN=`cat /usr/local/var/run/samhain.pid`
    /bin/kill -TTIN "$PIN"
    sleep 1
    # Poll for up to 120 seconds until samhain has removed the lock file.
    AA=0
    while test "x$AA" != "x120"; do
        AA=$(( AA + 1 ))
        if test -f /usr/local/var/log/samhain_log.lock; then
            sleep 1
        else
            break
        fi
    done
fi
# samhain waits three seconds after unlocking, so move the log right away.
mv /usr/local/var/log/samhain_log /usr/local/var/log/oldlog
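
A more defensive variant of the script above, as an added example that is not part of the samhain documentation: it does not move the log if the lock file is still present after the timeout, checks the value read from the pid file before passing it to kill, and will not overwrite an existing destination. The function name, its arguments and its return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example (not samhain's own script): rotate the log only after the
# daemon has released its lock. Name, arguments and return codes are
# hypothetical; the paths in the usage line are the ones used on this page.
#
# Usage:
#   rotate_samhain_log /usr/local/var/run/samhain.pid \
#       /usr/local/var/log/samhain_log /usr/local/var/log/oldlog
#
# rotate_samhain_log PIDFILE LOGFILE DEST [TIMEOUT_SECONDS]
#   0  LOGFILE was moved to DEST, or there was no LOGFILE to rotate
#   1  lock file still present after TIMEOUT_SECONDS; nothing was moved
#   2  pid file content is not a usable pid, or the signal was not delivered
#   3  DEST already exists; nothing was moved
rotate_samhain_log() {
    pidfile=$1 logfile=$2 dest=$3 timeout=${4:-120}
    lock="$logfile.lock"

    [ -f "$logfile" ] || return 0     # nothing to rotate
    [ -e "$dest" ] && return 3        # keep the previously rotated log

    if [ -f "$pidfile" ]; then
        pid=$(cat "$pidfile")
        # Accept only a positive decimal number before handing it to kill
        # (pid 0 would signal the caller's whole process group).
        case $pid in ''|*[!0-9]*) return 2 ;; esac
        [ "$pid" -gt 0 ] 2>/dev/null || return 2

        # SIGTTIN: samhain finishes its current task, then removes the lock.
        kill -TTIN "$pid" 2>/dev/null || return 2

        sleep 1
        waited=0
        while [ -f "$lock" ]; do
            # Give up without touching the log if the lock is never released.
            [ "$waited" -ge "$timeout" ] && return 1
            sleep 1
            waited=$((waited + 1))
        done
    fi

    # samhain waits three seconds after unlocking, so move the log now.
    mv "$logfile" "$dest"
}
```

A caller such as cron or a logrotate prerotate script can treat a non-zero return as "skip this rotation and report it".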

If you use the 'logrotate' tool, you could use the following (untested):

/usr/local/var/log/samhain_log {
    weekly
    rotate 52
    nocreate
    missingok
    compress

    prerotate
        if test -f /usr/local/var/run/samhain.pid; then \
          PIN=`cat /usr/local/var/run/samhain.pid`; \
          /bin/kill -TTIN $PIN; \
          sleep 1; \
          AA=0; \
          while test "x$AA" != "x120"; do \
           AA=$(( AA + 1 )); \
           if test -f /usr/local/var/log/samhain_log.lock; then \
             sleep 1; \
           else \
             break; \
           fi \
          done; \
        fi
    endscript
}