[Bro] log rotation

Ul Asad, Hafiz Hafiz.Ul-Asad.1 at city.ac.uk
Sun Mar 26 11:18:03 PDT 2017


I am analysing a large number of "pcap" files using,

bro -r *.pcap   my_bro.script

The problem is that for each new pcap file, bro over-writes the previous *.log files if I don't change my working directory. Is there a way of controlling the rotation of log files? I know that "broctl" has this time base rotation, but is there any sort of rotation control when bro is run from command line? I can change the working directory, but I want to have all my results in a single a log file (files) so that it is easy to query them.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170326/6047d649/attachment.html 

More information about the Bro mailing list