[Bro] logging locally and to remote logger
philosnef at gmail.com
Mon Nov 14 06:35:18 PST 2016
So, if I use:
in a bro worker cluster, what I find is that all the logs go to
/data/bro/spool/worker-1-X instead of all in /data/bro/logs/current on the
local machine... Is there a way to fix this?
Also, I would want to rotate logs out on the workers that are doing
additional local logging to have a much more constrained timeframe for
logging, specifically 1 week for local nodes, and 3 months for the logger
Is the best way to do this just with a cron rm -rf /data/bro/logs/$date ?
It seems this would run into a conflict with broctlconfig....
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro