[Bro] log rotation

Johanna Amann johanna at icir.org
Wed Apr 5 09:37:29 PDT 2017

Hi Asad,

Bro currently does not support appending data to the same log file over
several runs.

The typical way to solve this is to have a script which generates a new
directory for each run, automatically changes the working dorectory to it,
and runs Bro from there. Afterwards you can concatenate the output files.

I hope this helps,

On Sun, Mar 26, 2017 at 06:18:03PM +0000, Ul Asad, Hafiz wrote:
> Hi,
> I am analysing a large number of "pcap" files using,
> bro -r *.pcap   my_bro.script
> The problem is that for each new pcap file, bro over-writes the previous *.log files if I don't change my working directory. Is there a way of controlling the rotation of log files? I know that "broctl" has this time base rotation, but is there any sort of rotation control when bro is run from command line? I can change the working directory, but I want to have all my results in a single a log file (files) so that it is easy to query them.
> Regards
> Asad

> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

More information about the Bro mailing list