[Bro] Odd log problem - logs get archived as empty
Justin Azoff
JAzoff at albany.edu
Thu Mar 6 16:43:31 PST 2014
On Fri, Mar 07, 2014 at 12:11:09AM +0000, Jeremy Hoel wrote:
> # broctl config | grep compress
> compresscmd = gzip -9
> compressextension = gz
> compresslogs = 1
>
>
> If the variables are blank, wouldn't, worst case, it copy the files in and just
> have them be big?
not sure.. the command it runs is:
nice ${compresscmd} <$1 >$dest.${compressextension}
if compresslogs is not 1, then it just runs
nice cp $1 $dest
Your logs have a '.' at the end so it is clearly trying to do something,
but not having the right variables there.
You should have one or more 'broctl-config.sh' files
something like:
/usr/local/bro/spool/broctl-config.sh
try
grep compress /usr/local/bro/spool/broctl-config.sh
you should get the same output.
--
-- Justin Azoff
More information about the Bro
mailing list