[Bro] Append instead of overwrite

James Lay jlay at slave-tothe-box.net
Fri Aug 15 09:28:54 PDT 2014


On 2014-08-15 09:46, Seth Hall wrote:
> On Aug 15, 2014, at 7:59 AM, James Lay <jlay at slave-tothe-box.net> 
> wrote:
>
>>> So I run bro instead of broctl.  Currently, if I stop a running 
>>> bro,
>>> and start it again, bro overwrites any previous log files...is 
>>> there a
>>> way to change this behavior?  Thank you.
>
> How would you like it to behave instead?
>
>   .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/

Seth,

Additionally, it would be wonderful to have bro re-load its local.bro 
(or whatever) on SIGHUP.  During testing my process is:

killall bro
move log files
make changes to scripts
bro -i eth0 local

Repeat.  It's pretty tedious.  Would be nice to see:

make changes to scripts
killall -HUP bro

That would reload bro local.bro and not overwrite the current log 
files.

Just some more thoughts...thanks Seth.

James
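
The manual test loop described in the message above, wrapped in two shell functions as an added example (not part of the original post and not Bro project code). The function names and the archive/ directory layout are assumptions, and it assumes a standalone bro writes its logs into the directory it is started from.

```shell
#!/bin/sh
# Added example: keep old logs out of the way before a standalone bro restarts.

# archive_bro_logs DIR
# Move every *.log in DIR into DIR/archive/<UTC timestamp>/ so a freshly
# started bro cannot overwrite them. Prints the archive directory, or
# nothing if there were no logs to move.
archive_bro_logs() {
    dir=${1:-.}
    # Expand the glob into the positional parameters; if nothing matches,
    # the pattern stays literal and the -e test fails.
    set -- "$dir"/*.log
    [ -e "$1" ] || return 0
    dest="$dir/archive/$(date -u +%Y%m%dT%H%M%SZ)"
    # Two restarts within the same second must not share a directory.
    base=$dest
    n=0
    while [ -e "$dest" ]; do
        n=$((n + 1))
        dest="$base.$n"
    done
    mkdir -p "$dest" || return 1
    mv -- "$@" "$dest"/ || return 1
    printf '%s\n' "$dest"
}

# restart_bro DIR IFACE
# The kill / move logs / start sequence from the message as one step.
restart_bro() {
    dir=${1:-.}
    iface=${2:-eth0}
    killall bro 2>/dev/null || true      # no running instance is not an error
    # Wait for the old process to exit so its logs are fully written.
    while pgrep -x bro >/dev/null 2>&1; do sleep 1; done
    archive_bro_logs "$dir" >/dev/null || return 1
    # Start bro from the log directory, as in "bro -i eth0 local".
    ( cd "$dir" && exec bro -i "$iface" local ) &
}
```

After editing scripts, source the file and run `restart_bro /path/to/logdir eth0`; each previous run's logs remain under archive/ in their own timestamped directory.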