[Bro] Append instead of overwrite
James Lay
jlay at slave-tothe-box.net
Fri Aug 15 09:28:54 PDT 2014
On 2014-08-15 09:46, Seth Hall wrote:
> On Aug 15, 2014, at 7:59 AM, James Lay <jlay at slave-tothe-box.net>
> wrote:
>
>>> So I run bro instead of broctl. Currently, if I stop a running
>>> bro,
>>> and start it again, bro overwrites any previous log files...is
>>> there a
>>> way to change this behavior? Thank you.
>
> How would you like it to behave instead?
>
> .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
Seth,
Additionally, it would be wonderful to have bro re-load it's local.bro
(or whatever) on SIGHUP. During testing my process is:
killall bro
move log files
make changes to scripts
bro -i eth0 local
Repeat. It's pretty tedious. Would be nice too see:
make changes to scripts
killal -HUP bro
That would reload bro local.bro and not overwrite the current log
files.
Just some more thoughts...thanks Seth.
James
More information about the Bro
mailing list