[Bro] stdout.log does not work?

Hongda Li hongdal at g.clemson.edu
Wed Jan 13 13:39:07 PST 2016


I was not running Bro in a cluster.
I checked the spool/bro/ direcotry and found stdout.log and stderr.log
However, contents in these two files are the same with the contents in
stdout.log and stderr.log under logs/current/.

I am a newbie to the Bro system.
As a result, I can't get outputs of 'print' statements from
spool/bro/stdout.log or logs/current/stdout.log.
But I am sure I can get the outputs when I run Bro from command line.
Anything gets wrong?

Many thanks!

On Wed, Jan 13, 2016 at 7:03 AM, Jan Grashöfer <jan.grashoefer at gmail.com>

> Hi,
> if I remember correctly stdout.log and stderr.log are separately
> generated per worker. You should be able to find them in spool/ inside
> the worker directories.
> Jan
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

> I've a problem with stdout.log.
>> I add some "print" statements in bro scripts (e.g.,
>> detect-bruteforcing.bro).
>> When I start Bro from the command line:
>> *bro -i eth2 local *it prints outputs of the print statements on to the
>> stdout.
>> However, I start Bro from the broctl:
>> *[BroControl] > start*
>> *    [BroControl] > exit*then I go to "logs/current/" and try to see the
>> outputs of the print statements:
>> *cat stdout.log*the only results that I can see are:
>> *max memory size         (kbytes, -m) unlimited*
>> *    data seg size           (kbytes, -d) unlimited*
>> *    virtual memory          (kbytes, -v) unlimited**    core file size
>>          (blocks, -c) unlimited*
>> I expected that I can read the outputs of the print statements in the
>> *stdout.log*.
>> The content of /logs/stderr.log looks like (only one line):
>> *listening on eth2, capture length 8192 bytes*This error message also
>> appears as I start Bro by command line.
>> I don't think this makes any difference.
>> I have no idea what is going wrong.
>> Thanks in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160113/10785917/attachment.html 

More information about the Bro mailing list