[Bro] log rotation

Johanna Amann johanna at icir.org
Wed Apr 5 09:37:29 PDT 2017


Hi Asad,

Bro currently does not support appending data to the same log file over
several runs.

The typical way to solve this is to have a script which generates a new
directory for each run, automatically changes the working directory to it,
and runs Bro from there. Afterwards you can concatenate the output files.

I hope this helps,
 Johanna

On Sun, Mar 26, 2017 at 06:18:03PM +0000, Ul Asad, Hafiz wrote:
> Hi,
> 
> I am analysing a large number of "pcap" files using,
> 
> bro -r *.pcap   my_bro.script
> 
> The problem is that for each new pcap file, bro over-writes the previous *.log files if I don't change my working directory. Is there a way of controlling the rotation of log files? I know that "broctl" has this time-based rotation, but is there any sort of rotation control when bro is run from the command line? I can change the working directory, but I want to have all my results in a single log file (files) so that it is easy to query them.
> 
> Regards
> Asad
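
The per-run directory approach described in the reply above, as an added example that is not part of the original thread. The function names and the `runs`/`merged` directory names are hypothetical; it assumes `bro` is on PATH and writes its default tab-separated logs with `#`-prefixed header lines, and it goes one step beyond plain concatenation by keeping a single header per merged log.

```shell
#!/bin/sh
# Added example, not from the thread. Usage (directory names are hypothetical):
#   run_bro_per_pcap runs my_bro.script *.pcap && merge_bro_logs runs merged

# run_bro_per_pcap RUNS SCRIPT PCAP...
# Runs Bro once per pcap, each in its own directory, so no log is overwritten.
run_bro_per_pcap() {
    runs=$1; script=$2; shift 2
    # Absolute paths are needed because every run changes directory.
    script=$(cd "$(dirname "$script")" && pwd)/$(basename "$script")
    n=0
    for pcap in "$@"; do
        n=$((n + 1))
        pcap_abs=$(cd "$(dirname "$pcap")" && pwd)/$(basename "$pcap")
        # The counter keeps directories unique when basenames collide.
        run=$runs/$(printf '%05d' "$n")-$(basename "$pcap" .pcap)
        mkdir -p "$run"
        ( cd "$run" && bro -r "$pcap_abs" "$script" ) ||
            echo "bro failed on $pcap" >&2
    done
}

# merge_bro_logs RUNS DEST
# Concatenates RUNS/*/<name>.log into DEST/<name>.log. Assumes the ASCII
# writer's layout: header lines start with '#', then rows, then '#close'.
merge_bro_logs() {
    runs=$1; dest=$2
    # Refuse to reuse DEST, so rows are never appended to an older merge.
    mkdir "$dest" || return 1
    for f in "$runs"/*/*.log; do
        [ -f "$f" ] || continue
        out=$dest/$(basename "$f")
        if [ ! -e "$out" ]; then
            # First log of this type: keep its header, drop the '#close' trailer.
            awk '!/^#close/' "$f" > "$out"
            continue
        fi
        # Rows are only comparable if the column layout is identical.
        if [ "$(awk '/^#fields/{print; exit}' "$f")" != \
             "$(awk '/^#fields/{print; exit}' "$out")" ]; then
            echo "skipping $f: #fields differ from $out" >&2
            continue
        fi
        # Later logs contribute data rows only.
        awk '!/^#/' "$f" >> "$out"
    done
}
```

The merged files keep the `#open` timestamp of the first run and carry no `#close` line, so tools that read the `#fields` header still parse them as a single log.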
