[Bro] broctl Email Reports

Robin Sommer robin at icir.org
Wed May 30 11:27:55 PDT 2012


On Wed, May 30, 2012 at 10:39 -0400, you wrote:

> I don't like getting an email from broctl every hour, though.  Is
> there a way to get a daily report, instead of an hourly report?

It's indeed coupled to log rotation currently, but you can change that
by redefining the rotation interval for the alarm summaries. Try this
in local.bro:

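    event bro_init()
        {
        # Fetch the existing "alarm-mail" filter on the alarm log stream.
        local f = Log::get_filter(Notice::ALARM_LOG, "alarm-mail");
        # Set the rotation interval for the alarm summaries to one day.
        f$interv = 1day;
        # Re-add the modified filter to the alarm log stream.
        Log::add_filter(Notice::ALARM_LOG, f);
        }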

> 1. When logs are rotated (per default once a day),

Ah, that's outdated, the default log rotation used to be once a day,
but is now once an hour.

> "LogRotationInterval (int, default 3600)

We should add a second option here that defines the rotation interval
for the alarm summaries separately.

Robin

-- 
Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org
ICSI/LBNL    * Fax   +1 (510) 666-2956 *   www.icir.org


