[Bro] Odd log problem - logs get archived as empty

Justin Azoff JAzoff at albany.edu
Thu Mar 6 16:43:31 PST 2014


On Fri, Mar 07, 2014 at 12:11:09AM +0000, Jeremy Hoel wrote:
> #  broctl config | grep compress
> compresscmd = gzip -9
> compressextension = gz
> compresslogs = 1
> 
> 
> If the variables are blank, wouldn't, worst case, it copy the files in and just
> have them be big?

Not sure. The command it runs is:

    nice ${compresscmd} <$1 >$dest.${compressextension}

If compresslogs is not 1, then it just runs

    nice cp $1 $dest

Your logs have a '.' at the end so it is clearly trying to do something,
but not having the right variables there.

You should have one or more 'broctl-config.sh' files,
something like:

    /usr/local/bro/spool/broctl-config.sh

Try

    grep compress /usr/local/bro/spool/broctl-config.sh

You should get the same output.

-- 
-- Justin Azoff
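
Added example, not part of the original message and not broctl's own code: a guarded wrapper around the two commands quoted above that refuses to archive when the compress variables are blank, plus a check for archives whose names end in a bare '.' or that are empty. The function names `archive_log` and `find_bad_archives` and their arguments are hypothetical; the variable names are the ones shown in the thread.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not broctl code).
# compresslogs, compresscmd and compressextension are the config variables
# named in the thread; everything else here is an assumption.

archive_log() {
    src=$1
    dest=$2

    # compresslogs != 1: plain copy, as in the second command quoted above
    if [ "${compresslogs}" != "1" ]; then
        nice cp "$src" "$dest"
        return
    fi

    # Blank values would give a destination name ending in a bare '.'
    # and leave nice without a compressor to run, so fail loudly instead.
    if [ -z "${compresscmd}" ] || [ -z "${compressextension}" ]; then
        echo "archive_log: compresscmd/compressextension not set" >&2
        return 2
    fi

    out="$dest.${compressextension}"
    # compresscmd is left unquoted on purpose so "gzip -9" splits into
    # the command and its flag
    nice ${compresscmd} <"$src" >"$out" || return 3

    # A non-empty source log must never yield an empty archive
    if [ -s "$src" ] && [ ! -s "$out" ]; then
        echo "archive_log: $out is empty" >&2
        return 4
    fi
}

# List archived files that show the symptom from this thread:
# a name ending in '.' or a zero-length file.
find_bad_archives() {
    find "$1" -type f \( -name '*.' -o -size 0 \)
}
```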


