[Bro] Bro 1.5

Robin Sommer robin at icir.org
Wed May 19 21:06:02 PDT 2010

On Sun, May 16, 2010 at 10:33 +0800, you wrote:

> Is there an easy way to rotate bro log (in $BROHOME/spool/bro) to 'per day
> log' after 24 hours and only archive it in gzip format after 48 hours?

Not out of the box, but the rotation is done via the script defined
by RotateLogs::default_postprocessor. Per default, that is set to
"<prefix>/share/broctl/scripts/archive-log" so you could take that
one as a template to write your own.


Robin Sommer * Phone +1 (510) 666-2886 * robin at icir.org 
ICSI/LBNL    * Fax   +1 (510) 666-2956 *   www.icir.org
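
The behaviour asked about in this thread (file rotated logs per day, gzip them only once they are 48 hours old), sketched as an added example that is not part of the original message and is not broctl's archive-log script. The function names and their arguments are hypothetical, the real postprocessor's argument interface is not shown here, and GNU date and find are assumed.

```shell
#!/bin/sh
# Added example: hypothetical helpers, NOT broctl's archive-log.
# Assumed interface (not from the original post): the caller passes the path
# of an already-rotated log and the epoch time at which that log was opened.

# file_by_day <rotated-log> <open-epoch> <archive-root>
# Moves the log, still uncompressed, into <archive-root>/YYYY-MM-DD/ and
# prints the new path. Dates are computed in UTC.
file_by_day() {
    src=$1; opened=$2; root=$3
    day=$(date -u -d "@$opened" +%Y-%m-%d) || return 1   # GNU date syntax
    hms=$(date -u -d "@$opened" +%H%M%S) || return 1
    mkdir -p "$root/$day" || return 1
    dest="$root/$day/$(basename "$src" .log).$hms.log"
    # Never overwrite an existing archive entry, compressed or not.
    if [ -e "$dest" ] || [ -e "$dest.gz" ]; then
        echo "refusing to overwrite $dest" >&2
        return 1
    fi
    mv -- "$src" "$dest" && printf '%s\n' "$dest"
}

# compress_aged <archive-root> [min-age-hours]
# Gzips archived *.log files whose mtime (last write, which mv on the same
# filesystem preserves) is older than the threshold. Default: 48 hours.
compress_aged() {
    root=$1; hours=${2:-48}
    find "$root" -type f -name '*.log' -mmin "+$((hours * 60))" \
        -exec gzip -9 -- {} +
}
```

In this sketch a custom postprocessor would call file_by_day for each rotated file, and a periodic job such as cron would call compress_aged on the archive root.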
