[Bro] broctl Email Reports
Chris Crawford
christopher.p.crawford at gmail.com
Wed Sep 5 11:12:09 PDT 2012
What is the recommended way to completely disable hourly reports?
On Thu, May 31, 2012 at 10:44 AM, Robin Sommer <robin at icir.org> wrote:
>
> On Thu, May 31, 2012 at 09:22 -0400, Chris Crawford wrote:
>
>> Hmm...I restarted bro and it's still sending Connection Summary
>> reports every hour.
>
> Ah, ok, I thought your question was only about the alarm summaries
> (they should now come once a day). The connection summaries can't
> really be detached from the rotation because that's a post-processor
> working on the conn.log file at the time it's closed and archived. If
> you want them daily (but keep rotating conn.log hourly), you'd need to
> do that externally, like with a cron job running over the archived
> conn.logs.
>
> (The tool that generates the summaries is "trace-summary", it can be
> used standalone as well).
>
> Robin
> --
> Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org
> ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org
More information about the Bro
mailing list