Log file rotation

After receiving SIGABRT, the samhain daemon will first finish its current task (this may take some time), then unlock the log file (i.e. remove the PID file), wait three seconds, and then proceed. Thus, to rotate the log file, you should use something like the following script:

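#! /bin/sh

# If the daemon is running, its lock file holds the PID.
if test -f /usr/local/var/log/.samhain_lock; then
    PIN=`cat /usr/local/var/log/.samhain_lock`
    # Ask the daemon to finish its current task and unlock the log file.
    /bin/kill -ABRT "$PIN"
    sleep 1
    # Wait up to 120 seconds for the lock file to disappear.
    AA=0
    while test "x$AA" != "x120"; do
        # POSIX arithmetic; 'let' is not available in every /bin/sh.
        AA=$((AA + 1))
        if test -f /usr/local/var/log/.samhain_lock; then
            sleep 1
        else
            break
        fi
    done
fi
# The daemon waits three seconds after unlocking; move the log in that window.
mv /usr/local/var/log/.samhain_log /usr/local/var/log/oldlog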
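
A variant of the script above with explicit failure handling, as an added example that is not part of the Samhain manual. The function name, argument order and return codes are choices made for this example, and it assumes the lock file holds the daemon's PID on its first line. Unlike the script above, it leaves the log in place when the lock is still present after the timeout.

```shell
#!/bin/sh
# Added example: rotation with explicit failure handling.
# Usage: rotate_samhain_log LOCKFILE LOGFILE DEST [TIMEOUT_SECONDS]
# Returns 0 = rotated,
#         1 = lock still present after the timeout (log left in place),
#         2 = lock file content is not a plain PID (no signal sent).
rotate_samhain_log() {
    lock=$1 log=$2 dest=$3 timeout=${4:-120}

    if [ -f "$lock" ]; then
        # Rotation normally runs as root, so accept digits only before
        # handing the file content to kill.
        pid=$(head -n 1 "$lock" | tr -d ' \t\r')
        case $pid in
            ''|*[!0-9]*)
                echo "unexpected content in $lock" >&2
                return 2 ;;
        esac

        # Ask the daemon to finish its current task and unlock the log file.
        kill -s ABRT "$pid" 2>/dev/null || echo "no process $pid (stale lock?)" >&2

        # Poll once per second until the lock file is gone or time runs out.
        waited=0
        while [ -f "$lock" ]; do
            if [ "$waited" -ge "$timeout" ]; then
                echo "lock $lock still present after ${timeout}s" >&2
                return 1
            fi
            sleep 1
            waited=$((waited + 1))
        done
    fi

    # The daemon waits three seconds after unlocking, so move the file now.
    mv -- "$log" "$dest"
}
```

With the paths used on this page, the call would be `rotate_samhain_log /usr/local/var/log/.samhain_lock /usr/local/var/log/.samhain_log /usr/local/var/log/oldlog`.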

If you use the 'logrotate' tool, you could use the following (untested):

/usr/local/var/log/.samhain_log {
    size 100k
    nocreate
    compress
    mail root@localhost
    maillast

    prerotate
        if test -f /usr/local/var/log/.samhain_lock; then \
          PIN=`cat /usr/local/var/log/.samhain_lock`; \
          /bin/kill -ABRT "$PIN"; \
          sleep 1; \
          AA=0; \
          while test "x$AA" != "x120"; do \
           AA=$((AA + 1)); \
           if test -f /usr/local/var/log/.samhain_lock; then \
             sleep 1; \
           else \
             break; \
           fi \
          done; \
        fi
    endscript
}