[Bro] broctl Email Reports

Chris Crawford christopher.p.crawford at gmail.com
Wed May 30 07:39:33 PDT 2012

I like that broctl will roll logs over every hour.  My default
broctl.cfg file includes:

# Rotation interval in seconds for log files on manager/standalone node.
LogRotationInterval = 3600

I don't like getting an email from broctl every hour, though.  Is
there a way to get a daily report, instead of an hourly report?

Related --

The Bro README [1] claims:

"BroControl sends four types of mails to the address given in MailTo:

1. When logs are rotated (per default once a day), a list of all
alarms during the last rotation interval is sent. This can be disabled
by setting MailAlarms=0."

But elsewhere in the README:

"LogRotationInterval (int, default 3600)
    The frequency of log rotation in seconds for the manager/standalone node."

This is confusing to me -- maybe someone can help me understand.  Are
they talking about two different things?

[1] http://www.bro-ids.org/documentation/components/broctl/README.html

