[Bro] Intelligence framework and bro logs
nbblrr at gmail.com
Wed Nov 30 21:34:03 PST 2016
Hi Bro list,
I am starting to use Bro to check some IOCs on my network using the Bro
Intelligence Framework, and I have a few questions regarding my configuration:
- I am updating the IOCs regularly, and the only way I found to reload IOCs
in Bro is to restart the service with broctl. Is there any better way?
(like just reloading the configuration and not restarting everything)
- When restarting Bro with broctl, Bro has a weird behaviour with
logs: they are stored in directories with weird names (like 2039-01-
2039-02- 2039-10- 2046-49- 2050-58- 2051-03-...). Have you already
seen such a case? Is it due to a bad configuration? Or a bug? Is there a
way to restart Bro without rotating logs?
(all this with bro 2.5 compiled from sources)