aashish at uiuc.edu aashish at uiuc.edu
Wed Mar 30 12:24:21 PST 2005

This is slightly off topic from the last bro packet trace dump thread. Right now I see bro rolling over bulk trace files as soon as the file size is 2G. (Even though we have large file system support on the os). 

The issue with this is that all the other log files are also rolled over. I think bro just restarts itself. 

Is it possible to set up bro to define the size at which bulk trace file should roll over and not have any other log files roll over (even if the bulk trace files roll over at 2G) ? 

I tried looking in the source and also putting tcpdump like options in the config file for but that does not seem to work. 

Aashish Sharma 

