[Bro] broctl Email Reports
Robin Sommer
robin at icir.org
Thu May 31 07:44:14 PDT 2012
On Thu, May 31, 2012 at 09:22 -0400, Chris Crawford wrote:
> Hmm...I restarted bro and it's still sending Connection Summary
> reports every hour.
Ah, ok, I thought your question was only about the alarm summaries
(they should now come once a day). The connection summaries can't
really be detached from the rotation because that's a post-processor
working on the conn.log file at the time it's closed and archived. If
you want them daily (but keep rotating conn.log hourly), you'd need to
do that externally, like with a cron job running over the archived
conn.logs.
(The tool that generates the summaries is "trace-summary", it can be
used standalone as well).
Robin
--
Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org
More information about the Bro
mailing list