[Bro] log rotation leaving conn.log unrotated

Frank Meier franky.meier.1 at gmx.de
Mon Apr 27 08:41:10 PDT 2015


Hi.

Before I ask yet another question, I wanted to say thanks to all who helped me
during the last weeks. :) All tips were very helpful and fast! I hope I can
repay this by contributing in the future.

I have this simple bro file:

redef Log::default_rotation_postprocessor_cmd = "./postrotate.sh";
redef Log::default_rotation_interval = 10 sec;

with postrotate.sh just printing the parameters:

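#!/bin/sh
# Print the six arguments Bro passes to the rotation postprocessor.
echo "-1-"
echo "$1"   # rotated file name
echo "$2"   # log base name
echo "$3"   # time the log was opened
echo "$4"   # time the log was closed
echo "$5"   # terminating flag
echo "$6"   # writer name
echo "-2-"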

Now when bro is terminated via CTRL-C, the script is called:
1430147916.038582 received termination signal
1430147916.038582 1865 packets received on interface eth0, 45 dropped

-1-
files.2015-04-27-17-18-30.log
files
15-04-27_17.18.30
15-04-27_17.18.36
1
ascii
-2-
-1-
http.2015-04-27-17-18-30.log
http
15-04-27_17.18.30
15-04-27_17.18.36
1
ascii
-2-
-1-
weird.2015-04-27-17-18-30.log
weird
15-04-27_17.18.30
15-04-27_17.18.36
1
ascii
-2-
-1-
conn.2015-04-27-17-18-30.log
conn
15-04-27_17.18.30
15-04-27_17.18.36
1
ascii
-2-
-1-
reporter.2015-04-27-17-18-36.log
reporter
15-04-27_17.18.36
15-04-27_17.18.36
1
ascii
-2-

After that there is still a conn.log around. Why is this file not rotated?
When I restart bro now, the conn.log seems to be overwritten and
entries for example in files.log reference a uid not found in any of
the conn.logs.

I could not figure out why rotation works for most of the logs, but
not for conn.log.

Franky
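
Added example, not part of the original post or of Bro itself: a check for the symptom described above, listing every connection uid that files.log references but that no available conn log contains. It assumes the ASCII writer's tab-separated format with a #fields header, a uid column in conn.log and a conn_uids column in files.log; the function names and the sample log text are constructed for illustration.

```python
# Added example. The sample log text below is constructed, not taken from the post.

def read_bro_log(text):
    """Yield one dict per record of a Bro ASCII log, keyed by its #fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields\t"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split("\t")))

def orphaned_uids(files_log, conn_logs):
    """Return conn_uids from files.log that appear in none of the given conn logs."""
    known = {rec["uid"] for text in conn_logs for rec in read_bro_log(text)}
    orphans = set()
    for rec in read_bro_log(files_log):
        # conn_uids is a set field: comma-separated, "-" when unset, "(empty)" when empty
        for uid in rec.get("conn_uids", "-").split(","):
            if uid not in ("-", "(empty)") and uid not in known:
                orphans.add(uid)
    return sorted(orphans)

# Constructed sample: one rotated conn log, plus the conn.log written after a
# restart, which no longer holds the records from the previous run.
CONN_ROTATED = (
    "#separator \\x09\n"
    "#fields\tts\tuid\tid.orig_h\n"
    "1430147910.000000\tCAAAA1\t10.0.0.1\n"
)
CONN_CURRENT = (
    "#fields\tts\tuid\tid.orig_h\n"
    "1430147920.000000\tCCCCC3\t10.0.0.3\n"
)
FILES_LOG = (
    "#fields\tts\tfuid\tconn_uids\n"
    "1430147911.000000\tF1\tCAAAA1\n"
    "1430147915.000000\tF2\tCBBBB2\n"
    "1430147916.000000\tF3\tCAAAA1,CDDDD4\n"
)

if __name__ == "__main__":
    for uid in orphaned_uids(FILES_LOG, [CONN_ROTATED, CONN_CURRENT]):
        print("no conn record for", uid)
```

Run against the real rotated and current logs after a shutdown and restart, any uid it reports marks a file record that can no longer be tied back to a connection.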


