[Bro] broctl Email Reports
mcholste at gmail.com
Wed May 30 07:48:33 PDT 2012
You sound like a perfect candidate for someone who wants to get their
logs into a frontend for reporting like Splunk or my ELSA project. I
have a how-to available here:
This will let you do reporting and alerting at whatever interval
you're looking for.
On Wed, May 30, 2012 at 9:39 AM, Chris Crawford
<christopher.p.crawford at gmail.com> wrote:
> I like that broctl will roll logs over every hour. My default
> broctl.cfg file includes:
> # Rotation interval in seconds for log files on manager/standalone node.
> LogRotationInterval = 3600
> I don't like getting an email from broctl every hour, though. Is
> there a way to get a daily report, instead of an hourly report?
> Related --
> The Bro README claims:
> "BroControl sends four types of mails to the address given in MailTo:
> 1. When logs are rotated (per default once a day), a list of all
> alarms during the last rotation interval is sent. This can be disabled
> by setting MailAlarms=0."
> But elsewhere in the README:
> "LogRotationInterval (int, default 3600)
> The frequency of log rotation in seconds for the manager/standalone node."
> This is confusing to me -- maybe someone can help me understand. Are
> they talking about two different things?
>  http://www.bro-ids.org/documentation/components/broctl/README.html