[Bro] Weird Log rotation in Bro IDS 2.5 Beta

Ludwig Goon lagoon7 at gmail.com
Thu Nov 3 06:35:54 PDT 2016


Yes I am writing logs as JSON. But I don't have the ISO part on the end.
What is the correct way that line should read and is that the fix?

On Thursday, November 3, 2016, Seth Hall <seth at icir.org> wrote:

>
> > On Nov 3, 2016, at 7:57 AM, Seth Hall <seth at icir.org <javascript:;>>
> wrote:
> >
> >
> >> On Nov 2, 2016, at 10:46 PM, Ludwig Goon <lagoon7 at gmail.com
> <javascript:;>> wrote:
> >>
> >> Anyone got any ideas why this happened?
> >
> > Are you writing your logs as JSON?  If you are, are you doing something
> like this too?
> >
> >       redef LogAscii::json_timestamps = JSON::TS_ISO8601;
>
> Wait, sorry. I emailed too quickly.  I was asking those questions because
> they are related to a bug, but I see that you are running the 2.5 beta and
> the bug is fixed there.  Are you making any changes to how you write out
> logs though?  If you are, that could point to another instance of the same
> bug that we missed.
>
> Thanks,
>   .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20161103/775a61e4/attachment.html 


More information about the Bro mailing list