[Bro] Is there any way to flush the conn log every so often

William L. Jones jones at tacc.utexas.edu
Thu Jun 25 12:09:24 PDT 2009


I used file-flush.bro to flush the logs. Thanks!

-----Original Message-----
From: Robin Sommer [mailto:robin at icir.org]
Sent: Tuesday, June 23, 2009 3:50 PM
To: William L. Jones
Cc: bro at bro-ids.org
Subject: Re: [Bro] Is there any way to flush the conn log every so often


On Tue, Jun 23, 2009 at 13:30 -0500, you wrote:

> I would like to force a flush on it every so often. Is there a way
> to do this through a bro config file?

Yes, there are two options:

- file-flush.bro flushes all logs regularly (default: every 10s).

- the built-in function set_buf() disables buffering for a
particular log file; see the bro_init() handler in remote.bro for an
example. If there's not much traffic on the line, disabling the
buffering for conn.log shouldn't be a problem.

Robin

--
Robin Sommer * Phone +1 (510) 666-2886 * robin at icir.org
ICSI/LBNL    * Fax   +1 (510) 666-2956 *   www.icir.org



