[Bro] archive-log process apparently failing

MILLER, BRAD L BLMILLER at comerica.com
Thu Oct 15 11:29:22 PDT 2015

We are on Bro 2.3.x and have run into a very occasional process that appears to indicate the archive-log process fails.  The symptom we see is a logjam (the word kind of fit here) of logs staying in the current directory and getting larger and larger, with no rotation into gz files outside of this directory.  Broctl restart sets it straight again, but this issue came up twice now in recent memory.  We tend to lose logs in the logjam when this is corrected via broctl restart.

Anything we can do?  Cause?

Brad Miller | Comerica Bank
Information Security Architecture
IT Security
Office: 248.371.4249  | Mobile: 920.378.8138

Please be aware that if you reply directly to this particular message, your reply may not be secure. Do not use email to send us communications that contain unencrypted confidential information such as passwords, account numbers or Social Security numbers. If you must provide this type of information, please visit comerica.com to submit a secure form using any of the ”Contact Us” forms. In addition, you should not send via email any inquiry or request that may be time sensitive. The information in this e-mail is confidential. It is intended for the individual or entity to whom it is addressed. If you have received this email in error, please destroy or delete the message and advise the sender of the error by return email.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20151015/9f32f604/attachment.html 

More information about the Bro mailing list