[Bro] Append instead of overwrite

James Lay jlay at slave-tothe-box.net
Fri Aug 15 08:53:38 PDT 2014


On 2014-08-15 09:46, Seth Hall wrote:
> On Aug 15, 2014, at 7:59 AM, James Lay <jlay at slave-tothe-box.net> wrote:
>
>>> So I run bro instead of broctl.  Currently, if I stop a running bro,
>>> and start it again, bro overwrites any previous log files...is there a
>>> way to change this behavior?  Thank you.
>
> How would you like it to behave instead?
>
>   .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/

To give me an option to append instead of overwrite.  I imagine that 
since broctl does all the file management that this could be a command 
line option...

bro -i eth0 -n local.bro

where -n would be a no overwrite option.  In a nutshell "if the files 
don't exist, create them, if they do, just append, without the header, 
to the current file".  It could just be a single check on start.

How's that?  Thanks Seth.

James


