[Bro] Bro Log Filename Question

Jason Batchelor jxbatchelor at gmail.com
Wed Apr 30 10:48:43 PDT 2014

Hello Bro Community:

I was wondering if there was an easy way to modify log filenames that are
placed into the spool directory. All I would like to to, is to simply
append 'bro.' to the beginning of each filename. I searched around a bit
thinking there may be a simple configuration option I could modify in the
broctl.cfg file. Unfortunately however, I have not come upon any solution
yet and feel like I am likely missing something obvious.

As an example, I would like the prefix to be something like 'bro.conn.log'
instead of 'conn.log' for all files being written to the
'/var/opt/bro/spool/bro' directory. Is there a simple way to do this using
the Bro application?

Thanks very much for your time and assistance.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140430/3bb026d4/attachment.html 

More information about the Bro mailing list