[Bro-Dev] [archive log failure]
Aashish Sharma
asharma at lbl.gov
Mon Oct 3 12:11:50 PDT 2016
I see notifications as following:
----- Forwarded message from Xxxxxxx -----
Date: Mon, 3 Oct 2016 11:54:39 -0700 (PDT)
From:
To:
Subject: [bro-cluster] archive log failure
Unable to archive one or more logs in directory:
/usr/local/bro/spool/tmp/post-terminate-worker-2016-10-03-09-40-35-36665
Check the post-terminate.out file in that directory for any error messages.
--
[Automatically generated.]
But then there is no spool/tmp/post-terminate-*
However, in my /usr/local/bro/logs directory I see these folders emerge:
drwxr-xr-x 2 bro bro 512B Oct 3 11:54 20rk-5-9
drwxr-xr-x 2 bro bro 512B Oct 3 11:54 20rk-5-5
drwxr-xr-x 2 bro bro 512B Oct 3 11:54 20rk-5-8
drwxr-xr-x 2 bro bro 512B Oct 3 11:54 20rk-5-7
drwxr-xr-x 2 bro bro 512B Oct 3 11:54 20rk-5-10
drwxr-xr-x 2 bro bro 512B Oct 3 11:54 20rk-5-4
drwxr-xr-x 2 bro bro 512B Oct 3 11:54 20rk-5-3
drwxr-xr-x 2 bro bro 512B Oct 3 11:54 20rk-5-2
drwxr-xr-x 2 bro bro 512B Oct 3 11:54 20rk-5-1
drwxr-xr-x 2 bro bro 512B Oct 3 11:54 20rk-5-6
drwxr-xr-x 2 bro bro 512B Oct 3 11:54 20ox-5-
drwxr-xr-x 2 bro bro 6.5k Oct 3 11:56 2016-10-03
drwxr-xr-x 2 bro bro 512B Oct 3 12:01 20na--
Now, I do use the followign setting in broctl.cfg:
# change log naming
MakeArchiveName = /usr/local/bro-cpp/common/scripts/makelocal-archivename-2.1
However above been there forever and I don't recall these archive failure messages or these directories show up until I moved to : bro version 2.5-beta-debug
Aashish
More information about the bro-dev
mailing list