[Bro] broctl Email Reports
Chris Crawford
christopher.p.crawford at gmail.com
Wed May 30 07:39:33 PDT 2012
I like that broctl will roll logs over every hour. My default
broctl.cfg file includes:

    # Rotation interval in seconds for log files on manager/standalone node.
    LogRotationInterval = 3600

I don't like getting an email from broctl every hour, though. Is
there a way to get a daily report, instead of an hourly report?

Related --

The Bro README [1] claims:

"BroControl sends four types of mails to the address given in MailTo:
1. When logs are rotated (per default once a day), a list of all
alarms during the last rotation interval is sent. This can be disabled
by setting MailAlarms=0."

But elsewhere in the README:

"LogRotationInterval (int, default 3600)
The frequency of log rotation in seconds for the manager/standalone node."

This is confusing to me -- maybe someone can help me understand. Are
they talking about two different things?

[1] http://www.bro-ids.org/documentation/components/broctl/README.html