[Bro] bro operational questions

Dalton Porter daltonporter at yahoo.com
Mon May 7 11:14:32 PDT 2012


Hi,
I need to keep bro up and running to process logs continuously.  I was wondering what folks would suggest for doing that.  Does broctl automatically restart the process if it dies?
 
Using broctl, how do I specify snaplen=X in the config file? I have tried putting variations of this into broctl.cfg, but it's not happy:
  BroArgs = snaplen 65535
 
Finally, what is the best way to specify the logging output path?  Is this in a config file or do I need to set it in a script?
   Log::add_filter(HTTP::LOG,[$name="myname", $path="/my/custom/path/basename", ...
Ideally, I would like to set the path on ALL logs with one setting, not just http.
 
Thank you.