[Bro] Log rotation and /dev/null with broctl

Matthias Vallentin vallentin at icir.org
Mon Oct 18 11:40:29 PDT 2010


> Do you have open_log_file("/dev/null") somewhere in one of your policy
> scripts?  

Indeed, I could find the following

    # Save us some disk I/O.
    redef notice_file = open("/dev/null");
    redef bro_alarm_file = open("/dev/null");
    redef Weird::weird_file = open("/dev/null");

which I replaced with

    event bro_init()
    {   
        close(notice_file);
        close(bro_alarm_file);
        close(Weird::weird_file);
    }

to get rid of the error. Thanks for the hint.

   Matthias



More information about the Bro mailing list