[Bro] Extracted files don't rotate

Seth Hall seth at icir.org
Wed Feb 8 19:15:54 PST 2017

> On Feb 8, 2017, at 5:17 PM, James Lay <jlay at slave-tothe-box.net> wrote:
> Thanks Justin that's helpful.  So as I look at my old setup I see that I 
> indeed had move and compress manually on a cron job, so I'll just do 
> that for the extract_files dir.  Maybe a feature request down the road 
> would be (maybe in broctl.conf) to be able to add "pre" rotate and 
> "post" rotate scripts.  Just a thought.

This has been a bit of a sticking point for quite a while.  Part of the issue is the diversity in how clusters are run and managed.  It's hard to create one solution which works for everyone's deployment.

I've been hoping to spend some time rejiggering how file extraction happens a little bit this year but I'd be glad to see anyone else beat me to it.  It's a deceptively sneaky issue.


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network

More information about the Bro mailing list