[Bro] Log Rotate
Diogo Corteletti de Oliveira
diogo_c at brturbo.com.br
Tue Jan 9 05:43:45 PST 2007
Robin,
I've aplied the patch, re-compiled and re-intalled bro but
it didn't worked. Look bellow that every log rotated except the dns.log:
-rw-r--r-- 1 bro wheel 0B Jan 9 09:56 alarm.bro.07-01-09_09.56.48
-rw-r--r-- 1 bro wheel 7.0K Jan 9 10:31 alarm.bro.07-01-09_09.58.34
-rw-r--r-- 1 bro wheel 90K Jan 9 09:57 conn.bro.07-01-09_09.56.48
-rw-r--r-- 1 bro wheel 7.2M Jan 9 10:38 conn.bro.07-01-09_09.58.34
-rw-r--r-- 1 bro wheel 6.9M Jan 9 10:38 dns.bro.07-01-09_09.58.34
-rw-r--r-- 1 bro wheel 5.0K Jan 9 09:57 ftp.bro.07-01-09_09.56.48
-rw-r--r-- 1 bro wheel 92K Jan 9 10:38 ftp.bro.07-01-09_09.58.34
-rw-r--r-- 1 bro wheel 57K Jan 9 09:57 http.bro.07-01-09_09.56.48
-rw-r--r-- 1 bro wheel 5.4M Jan 9 10:38 http.bro.07-01-09_09.58.34
-rw-r--r-- 1 bro wheel 548B Jan 9 09:57 info.bro.07-01-09_09.56.48
-rw-r--r-- 1 bro wheel 485B Jan 9 09:58 info.bro.07-01-09_09.58.34
-rw-r--r-- 1 bro wheel 0B Jan 9 09:56 irc.bro.07-01-09_09.56.48
-rw-r--r-- 1 bro wheel 0B Jan 9 09:58 irc.bro.07-01-09_09.58.34
-rw-r--r-- 1 bro wheel 790B Jan 9 09:57 notice.bro.07-01-09_09.56.48
-rw-r--r-- 1 bro wheel 52K Jan 9 10:38 notice.bro.07-01-09_09.58.34
-rw-r--r-- 1 bro wheel 0B Jan 9 09:56 software.bro.07-01-09_09.56.48
-rw-r--r-- 1 bro wheel 0B Jan 9 09:58 software.bro.07-01-09_09.58.34
-rw-r--r-- 1 bro wheel 0B Jan 9 09:57 step.bro.07-01-09_09.56.48
-rw-r--r-- 1 bro wheel 0B Jan 9 09:56
step.bro.07-01-09_09.56.48-07-01-09_09.56.48
-rw-r--r-- 1 bro wheel 0B Jan 9 09:58 step.bro.07-01-09_09.58.34
-rw-r--r-- 1 bro wheel 4.6K Jan 9 09:57 weird.bro.07-01-09_09.56.48
-rw-r--r-- 1 bro wheel 252K Jan 9 10:38 weird.bro.07-01-09_09.58.34
Tks
Diogo Corteletti
Robin Sommer escreveu:
> On Fri, Jan 05, 2007 at 12:30 -0200, Diogo Corteletti de Oliveira wrote:
>
>
>> I have configured the rotate-logs.bro policy to rotate logs every one
>> hour. It's working for every log except the dns.bro logs. What can be
>> the cause of that?
>>
>
> A bug. Can you try the attached patch to see if that helps? Thanks!
>
> Robin
>
>
> ------------------------------------------------------------------------
>
> ===================================================================
> --- branches/robin/work/src/File.cc 2007-01-09 00:20:09 UTC (rev 3911)
> +++ branches/robin/work/src/File.cc 2007-01-09 01:17:47 UTC (rev 3912)
> @@ -42,6 +42,7 @@
> #include "Timer.h"
> #include "Expr.h"
> #include "NetVar.h"
> +#include "Net.h"
> #include "Serializer.h"
> #include "Event.h"
>
> @@ -91,6 +92,9 @@
> static BroFile* head = 0;
> static BroFile* tail = 0;
>
> +double BroFile::default_rotation_interval = 0;
> +double BroFile::default_rotation_size = 0;
> +
> // Maximizes the number of open file descriptors and returns the number
> // that we should use for the cache.
> static int maximize_num_fds()
> @@ -165,6 +169,10 @@
>
> bool BroFile::Open(FILE* file)
> {
> + // Don't open any further files when we're shutting down.
> + if ( terminating )
> + return false;
> +
> open_time = network_time ? network_time : current_time();
>
> if ( ! max_files_in_cache )
> @@ -176,6 +184,16 @@
>
> f = file;
>
> + if ( default_rotation_interval &&
> + (! attrs || ! attrs->FindAttr(ATTR_ROTATE_INTERVAL)) )
> + rotate_interval = default_rotation_interval;
> +
> + if ( default_rotation_size &&
> + (! attrs || ! attrs->FindAttr(ATTR_ROTATE_SIZE)) )
> + rotate_size = default_rotation_size;
> +
> + InstallRotateTimer();
> +
> if ( ! f )
> {
> f = fopen(name, access);
> @@ -558,6 +576,9 @@
> if ( ! (f->attrs && f->attrs->FindAttr(ATTR_ROTATE_SIZE)) )
> f->rotate_size = max_size;
> }
> +
> + default_rotation_interval = interval;
> + default_rotation_size = max_size;
> }
>
> void BroFile::CloseCachedFiles()
>
> Modified: branches/robin/work/src/File.h
> ===================================================================
> --- branches/robin/work/src/File.h 2007-01-09 00:20:09 UTC (rev 3911)
> +++ branches/robin/work/src/File.h 2007-01-09 01:17:47 UTC (rev 3912)
> @@ -153,6 +153,9 @@
> bool dont_rotate; // See InstallRotateTimer()
> bool print_hook;
>
> + static double default_rotation_interval;
> + static double default_rotation_size;
> +
> #ifdef USE_OPENSSL
> EVP_PKEY* pub_key;
> EVP_CIPHER_CTX* cipher_ctx;
>
> _______________________________________________
> Bro-dev mailing list
> Bro-dev at george.lbl.gov
> http://dsd.lbl.gov/mailman/listinfo/bro-dev
>
More information about the Bro
mailing list