[Bro] Extracted files not being archived
Carl.Hester at constellation.com
Tue Feb 26 06:18:19 PST 2013
While working through the file-extraction demo posted by @hectaman (http://www.youtube.com/watch?v=-7p3yLHxug4), I noticed my http-item_* files would go missing whenever I stopped the bro processes. It looks like files are properly written to bro/spool/bro, but not rotated or archived.
I'm digging through the scripts in bro/share/broctl/scripts and trying to identify the process for log rotation, but figured someone may have already solved this if they've seen similar behavior.