[Bro-Dev] [JIRA] (BIT-1489) topic/dnthayer/ticket1396

Daniel Thayer (JIRA) jira at bro-tracker.atlassian.net
Fri Dec 11 08:50:00 PST 2015


    [ https://bro-tracker.atlassian.net/browse/BIT-1489?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=23304#comment-23304 ] 

Daniel Thayer commented on BIT-1489:
------------------------------------

The post-terminate.out file is being generated from the script that sends the email, so if we cat the
file at that point, we might not see the entire file contents due to buffering.  Besides, if someone receives
that email, they're going to need to look in that directory anyway (to see which logs weren't
archived, and then to manually archive them).

The long-term solution is to change the way we archive logs (for that, I expect we will leverage
broctld).


> topic/dnthayer/ticket1396
> -------------------------
>
>                 Key: BIT-1489
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1489
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: BroControl
>            Reporter: Daniel Thayer
>            Assignee: Justin Azoff
>             Fix For: 2.5
>
>
> Branch topic/dnthayer/ticket1396 in the broctl repo was originally intended
> to address BIT-1396 (logs disappearing on broctl restart).  Most of the commits
> in this branch are aimed at making it easier to diagnose such problems
> in the future.  The most user-visible changes are:
> 1) post-terminate will now send an email if it fails to archive any logs,
> 2) post-terminate will now re-try to archive logs that previously failed to be archived,
> 3) improvements to some error messages,
> 4) better sanity checking of config values,
> 5) significant improvements to the broctl README



--
This message was sent by Atlassian JIRA
(v7.1.0-OD-02-030#71001)


More information about the bro-dev mailing list