[Bro-Dev] [archive log failure]

Daniel Thayer dnthayer at illinois.edu
Mon Oct 3 13:02:14 PDT 2016


Those archive log failure emails are a new feature in version 2.5.
The only purpose of the emails is to make it easier to notice when
such an error occurs (i.e., these emails do not indicate a new type
of error condition).
Previously, if such a failure occurred, the only way you would know
is if you noticed missing logs in one of the subdirectories of
the <PREFIX>/logs/ directory, or if you noticed the presence of
a new spool/tmp/post-terminate-* directory.

As for the strange directory names, one possible reason could be your
make-archive-name script is producing bad output.



On 10/3/16 2:11 PM, Aashish Sharma wrote:
> I see notifications as follows:
>
> ----- Forwarded message from Xxxxxxx  -----
>
> Date: Mon, 3 Oct 2016 11:54:39 -0700 (PDT)
> From:
> To:
> Subject: [bro-cluster] archive log failure
>
> Unable to archive one or more logs in directory:
> /usr/local/bro/spool/tmp/post-terminate-worker-2016-10-03-09-40-35-36665
> Check the post-terminate.out file in that directory for any error messages.
>
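
An added example, not part of the original message or of Bro's own scripts: a shell check for the leftover spool/tmp/post-terminate-* directories described above, printing each directory's post-terminate.out so failures are noticed even where the new emails are unavailable. The function name `list_failed_archives` and the assumption that unarchived logs end in `.log` belong to this example only.

```shell
#!/bin/sh
# Added example (not Bro/BroControl code).
# Usage: sh check-archive.sh /usr/local/bro/spool/tmp
# Exit status is non-zero when any leftover directory exists, so the
# script can be run from cron or a monitoring check.

list_failed_archives() {
    tmpdir=$1
    count=0
    for d in "$tmpdir"/post-terminate-*; do
        # Skip an unmatched glob and any non-directory with a similar name.
        [ -d "$d" ] || continue
        count=$((count + 1))

        # Assumption: logs that were never archived still end in ".log".
        nlogs=$(find "$d" -type f -name '*.log' | wc -l | tr -d ' ')
        echo "$d: $nlogs unarchived log file(s)"

        # The failure email points at this file for error messages.
        out=$d/post-terminate.out
        if [ -s "$out" ]; then
            sed 's/^/    /' "$out"
        else
            echo "    (post-terminate.out missing or empty)"
        fi
    done
    echo "$count leftover directories"
    [ "$count" -eq 0 ]
}

# Run only when a spool/tmp path is given on the command line.
if [ "$#" -gt 0 ]; then
    list_failed_archives "$1"
fi
```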

