[Bro-Dev] [JIRA] (BIT-1490) Need ability to expire logs with more granularity than #days.

Justin Azoff (JIRA) jira at bro-tracker.atlassian.net
Wed Jan 20 10:39:00 PST 2016

    [ https://bro-tracker.atlassian.net/browse/BIT-1490?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=23909#comment-23909 ] 

Justin Azoff commented on BIT-1490:

This change looks good but I have one suggestion.  I could see someone changing the option to "12hours" and getting this message

value of broctl option "logexpireinterval" is invalid: 12hours

but being confused about WHY it is invalid.  Something like this could help with that:

"value of broctl option "logexpireinterval" is invalid: "12hours". Only time units "day", "hr", and "min" are

It might also be a good idea to just in add "hours" and "minutes" as valid units to begin with.

> Need ability to expire logs with more granularity than #days.
> -------------------------------------------------------------
>                 Key: BIT-1490
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1490
>             Project: Bro Issue Tracker
>          Issue Type: Improvement
>          Components: BroControl
>    Affects Versions: git/master
>            Reporter: Seth Hall
>            Assignee: Justin Azoff
>            Priority: Low
>             Fix For: 2.5
> There are some users that would like or need to have BroControl maintain their collected logs with tighter granularity than how many days old the logs are.
> Right now the find command that determines which files to delete uses `-mtime` which is `x*24hr`.  We would need to use the `-mmin` argument otherwise, but I suspect this would introduce the need to do some parsing of of the value given so that people could specify things like `10hr` or `5days`.

This message was sent by Atlassian JIRA

More information about the bro-dev mailing list