[Bro] log rotation
johanna at icir.org
Wed Apr 5 09:37:29 PDT 2017
Bro currently does not support appending data to the same log file over
The typical way to solve this is to have a script which generates a new
directory for each run, automatically changes the working dorectory to it,
and runs Bro from there. Afterwards you can concatenate the output files.
I hope this helps,
On Sun, Mar 26, 2017 at 06:18:03PM +0000, Ul Asad, Hafiz wrote:
> I am analysing a large number of "pcap" files using,
> bro -r *.pcap my_bro.script
> The problem is that for each new pcap file, bro over-writes the previous *.log files if I don't change my working directory. Is there a way of controlling the rotation of log files? I know that "broctl" has this time base rotation, but is there any sort of rotation control when bro is run from command line? I can change the working directory, but I want to have all my results in a single a log file (files) so that it is easy to query them.
> Bro mailing list
> bro at bro-ids.org
More information about the Bro