[Bro] Change location of log files?
reswob10 at gmail.com
Fri Sep 1 08:13:47 PDT 2017
On 1 Sep 2017 10:05 am, "Maerz, Stefan A." <maerzsa at ornl.gov> wrote:
> Broctl.conf file has a logging location. Scroll down to find it. Default
> place for it is /usr/local/bro/etc/broctl.conf
> You can specify where both the current and rotated data is stored
> separately. This is what I have, the defaults are commented out:
> # Location of the log directory where log files will be archived each
> # interval.
> ##LogDir = /usr/local/bro/logs
> LogDir = /data/log
> # Location of the spool directory where files and data that are currently
> # written are stored.
> ##SpoolDir = /usr/local/bro/spool
> SpoolDir = /data/spool
> Best Regards,
> Stefan Maerz
> HPC Cyber Security Engineer
> Oak Ridge National Laboratory
> National Center for Computational Sciences
> Oak Ridge Leadership Computing Facility
> maerzsa at ornl.gov
> On Sep 1, 2017, at 9:34 AM, craig bowser <reswob10 at gmail.com> wrote:
> I've been looking thru the docs, but I don't see ( and perhaps I don't
> understand) if there is an option to change the location where bro writes
> all the log files.
> The default is /usr/local/bro/logs and I would like them to be written to
> a partition I created called /data
> /usr/local/bro/logs/current can stay where it is, but I'd like everything
> else to be moved.
> Bro mailing list
> bro at bro-ids.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro