[Bro] Append instead of overwrite

James Lay jlay at slave-tothe-box.net
Fri Aug 15 09:28:54 PDT 2014

On 2014-08-15 09:46, Seth Hall wrote:
> On Aug 15, 2014, at 7:59 AM, James Lay <jlay at slave-tothe-box.net> 
> wrote:
>>> So I run bro instead of broctl.  Currently, if I stop a running 
>>> bro,
>>> and start it again, bro overwrites any previous log files...is 
>>> there a
>>> way to change this behavior?  Thank you.
> How would you like it to behave instead?
>   .Seth
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/


Additionally, it would be wonderful to have bro re-load it's local.bro 
(or whatever) on SIGHUP.  During testing my process is:

killall bro
move log files
make changes to scripts
bro -i eth0 local

Repeat.  It's pretty tedious.  Would be nice too see:

make changes to scripts
killal -HUP bro

That would reload bro local.bro and not overwrite the current log 

Just some more thoughts...thanks Seth.


More information about the Bro mailing list