[Bro] Odd log problem - logs get archived as empty

Jeremy Hoel jthoel at gmail.com
Thu Mar 6 16:51:04 PST 2014


# grep compress /usr/local/bro/spool/broctl-config.sh
compresslogs="1"


That is interesting.  So it's missing the two lines:
compresscmd = gzip -9
compressextension = gz

I'll add those and restart and see what happens.

Side note - this is an upgrade from 2.1 to 2.2.

And I think/thought it was working in 2.1.




On Fri, Mar 7, 2014 at 12:43 AM, Justin Azoff <JAzoff at albany.edu> wrote:

> On Fri, Mar 07, 2014 at 12:11:09AM +0000, Jeremy Hoel wrote:
> > #  broctl config | grep compress
> > compresscmd = gzip -9
> > compressextension = gz
> > compresslogs = 1
> >
> >
> > If the variables are blank, wouldn't, worst case, it copy the files in and just
> > have them be big?
>
> not sure.. the command it runs is:
>
>     nice ${compresscmd} <$1 >$dest.${compressextension}
>
> if compresslogs is not 1, then it just runs
>
>     nice cp $1 $dest
>
> Your logs have a '.' at the end so it is clearly trying to do something,
> but not having the right variables there.
>
> You should have one or more 'broctl-config.sh' files
>
> something like:
>
>     /usr/local/bro/spool/broctl-config.sh
>
> try
>
>     grep compress /usr/local/bro/spool/broctl-config.sh
>
> you should get the same output.
>
> --
> -- Justin Azoff
>
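
The failure mode discussed in this thread, as an added example that is not part of the original messages or of broctl itself: a pre-archive check that catches compresslogs="1" with an empty compresscmd or compressextension, the case where the destination name ends in a bare '.'. The function names, the sample config files and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate broctl-config.sh-style compress settings before archiving.

# load_cfg FILE: source FILE with the three settings defaulted to empty.
load_cfg() { compresslogs="" compresscmd="" compressextension=""; . "$1"; }

# check_compress_config FILE: 0 if usable, 1 if compresslogs=1 but the
# command or extension is empty (the state shown in the thread).
check_compress_config() (
    load_cfg "$1"
    [ "$compresslogs" = "1" ] || exit 0      # plain cp path, nothing to check
    [ -n "$compresscmd" ] && [ -n "$compressextension" ]
)

# archive_dest FILE DEST: print the path the archive step would write to.
archive_dest() (
    load_cfg "$1"
    if [ "$compresslogs" = "1" ]; then printf '%s\n' "$2.${compressextension}"
    else printf '%s\n' "$2"; fi
)

# safe_archive FILE SRC DEST: archive only when the settings are complete.
# ${compresscmd} is left unquoted on purpose so "gzip -9" splits into words.
safe_archive() (
    check_compress_config "$1" || { echo "incomplete compress settings: $1" >&2; exit 1; }
    load_cfg "$1"
    if [ "$compresslogs" = "1" ]; then nice ${compresscmd} <"$2" >"$3.${compressextension}"
    else nice cp "$2" "$3"; fi
)

# Constructed sample configs and log (not taken from a real installation).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf 'compresslogs="1"\n' >"$tmp/broken.sh"
printf 'compresslogs="1"\ncompresscmd="gzip -9"\ncompressextension="gz"\n' >"$tmp/good.sh"
printf 'compresslogs="0"\n' >"$tmp/plain.sh"
printf '#fields ts uid\n1394153464.0 Cabc\n' >"$tmp/conn.log"

for cfg in broken good plain; do
    if check_compress_config "$tmp/$cfg.sh"; then state=ok; else state=INCOMPLETE; fi
    echo "$cfg: $state -> $(archive_dest "$tmp/$cfg.sh" "$tmp/archive/conn.log")"
done
```

Run against the real file named in the thread, a non-zero status from check_compress_config means archived logs should not be trusted until the settings are restored.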