[Bro] log rotation leaving conn.log unrotated
Frank Meier
franky.meier.1 at gmx.de
Mon Apr 27 08:32:49 PDT 2015
Hi.
Before I ask yet another question, I wanted to say thanks to all who
helped me during the last weeks. :) All tips were very helpful and fast!
I hope I can repay this by contributing in the future.
I have this simple bro file:
redef Log::default_rotation_postprocessor_cmd = "./postrotate.sh";
redef Log::default_rotation_interval = 10 sec;
with postrotate.sh just printing the parameters:
# print the six arguments Bro passes to the postprocessor, one per line
echo "-1-"
echo "$1"
echo "$2"
echo "$3"
echo "$4"
echo "$5"
echo "$6"
echo "-2-"
Now when bro is terminated via CTRL-C, the script is called:
1430147916.038582 received termination signal
1430147916.038582 1865 packets received on interface eth0, 45 dropped
-1-
files.2015-04-27-17-18-30.log
files
15-04-27_17.18.30
15-04-27_17.18.36
1
ascii
-2-
-1-
http.2015-04-27-17-18-30.log
http
15-04-27_17.18.30
15-04-27_17.18.36
1
ascii
-2-
-1-
weird.2015-04-27-17-18-30.log
weird
15-04-27_17.18.30
15-04-27_17.18.36
1
ascii
-2-
-1-
conn.2015-04-27-17-18-30.log
conn
15-04-27_17.18.30
15-04-27_17.18.36
1
ascii
-2-
-1-
reporter.2015-04-27-17-18-36.log
reporter
15-04-27_17.18.36
15-04-27_17.18.36
1
ascii
-2-
After that there is still a conn.log around. Why is this file not rotated?
When I restart bro now, the conn.log seems to be overwritten and entries
for example in files.log reference a uid not found in any of the conn.logs.
Franky
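
The symptom described in this message (files.log entries whose uid appears in no conn log) can be checked mechanically across a set of rotated logs. The following is an added example, not part of the original post; it assumes Bro ASCII logs with a `#fields` header and the `uid`, `fuid` and `conn_uids` columns, and the sample logs and uids in it are constructed.

```python
import io

def read_bro_log(stream):
    """Yield one dict per record of a Bro ASCII log, keyed by its #fields header."""
    fields = None
    for line in stream:
        line = line.rstrip("\n")
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            if fields is None:
                raise ValueError("data line before #fields header")
            yield dict(zip(fields, line.split("\t")))

def orphaned_uids(files_stream, conn_streams, set_sep=",", unset=("-", "(empty)")):
    """Map each uid referenced in files.log but absent from every conn log to its fuids."""
    known = set()
    for stream in conn_streams:
        known.update(rec["uid"] for rec in read_bro_log(stream))
    orphans = {}
    for rec in read_bro_log(files_stream):
        # conn_uids is a set column; members are joined with the set separator
        for uid in rec.get("conn_uids", "-").split(set_sep):
            if uid not in unset and uid not in known:
                orphans.setdefault(uid, []).append(rec["fuid"])
    return orphans

# Constructed sample logs (simplified headers, made-up uids), not data from the post.
CONN_ROTATED = ("#path\tconn\n#fields\tts\tuid\tid.orig_h\n"
                "1430147911.0\tCaaa1\t10.0.0.5\n")
CONN_CURRENT = ("#path\tconn\n#fields\tts\tuid\tid.orig_h\n"
                "1430148000.0\tCccc3\t10.0.0.7\n")
FILES = ("#path\tfiles\n#fields\tts\tfuid\tconn_uids\n"
         "1430147911.5\tFaaa1\tCaaa1\n"
         "1430147915.2\tFbbb2\tCbbb2\n"
         "1430147915.9\tFbbb3\tCbbb2,Caaa1\n"
         "1430148000.4\tFccc4\tCccc3\n")

def demo():
    """Run the check over the constructed logs above."""
    conns = [io.StringIO(CONN_ROTATED), io.StringIO(CONN_CURRENT)]
    return orphaned_uids(io.StringIO(FILES), conns)

if __name__ == "__main__":
    for uid, fuids in demo().items():
        print(f"uid {uid} missing from conn logs; referenced by {', '.join(fuids)}")
```

A non-empty result after a restart means connection records were lost between rotations, so file, HTTP or weird entries from that window can no longer be pivoted back to their connection.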