[Bro] Bro Cluster Elasticsearch rotation_interval ignored
mkhan04 at gmail.com
Tue Apr 29 08:40:20 PDT 2014
I'm testing out the ElasticSearch writer in a Bro Cluster (2.2 release)
along with the Ascii writer. I've set LogRotationInterval to an hour (3600)
in broctl.cfg which I know sets or overrides Log::default_rotation_interval
and in my local.bro I've overridden the rotation_interval parameter of the
ElasticSearch Logger (defined in logs-to-elasticsearch policy) to be every
24 hours. Apparently, Bro seems to be ignoring the rotation_interval value.
I've tried not setting LogRotationInterval and setting
Log::default_rotation_interval in my local.bro file but I got similar
Is there any way to have the Ascii writer use a 1hr rotation interval while
the ElasticSearch writer uses a different one? Looking through the
docs/code it doesn't look like LogAscii has a rotation_interval of its own.