[Bro] Stats.log Growing Out of Control!!!
Damon Rouse
damonrouse at gmail.com
Mon Jan 19 12:16:44 PST 2015
@Dan: Both those files are there.
What my main issue seems to be is that my stats.log file is growing by
20-30MB every 5 minutes when the cron runs. I then get the email below in
my original post.
I'm circling back here to hopefully find a resolution. I opened a thread
in the Security Onion and tried limiting these events in my broctl.cfg.
doesn't seem to work. I've stopped Bro, deleted the stats dir, did brotcl
install and then start, no go there either.
Here's my SO thread for ref:
https://groups.google.com/forum/#!topic/security-onion/bdmFGn3oj24
If anyone has any ideas or thoughts, please let me know. Any help is truly
appreciated!
Thanks
Damon
On Fri, Jan 2, 2015 at 2:16 PM, Thayer, Daniel N <dnthayer at illinois.edu>
wrote:
> The stats-to-csv script creates files with a ".csv" file extension in
> the directory <prefix>/logs/stats/www/ (where <prefix> is the bro
> install directory). In order for this script to work, it needs to
> read two files: <prefix>/spool/stats.log and <prefix>/logs/stats/meta.dat
>
>
>
>
> From: bro-bounces at bro.org [bro-bounces at bro.org] on behalf of Damon Rouse [
> damonrouse at gmail.com]
>
> Sent: Friday, January 02, 2015 11:58 AM
>
> To: bro at bro-ids.org
>
> Subject: [Bro] (no subject)
>
>
>
>
>
>
> Happy New Year Everyone!!!
>
> Has anyone ever seen the following error before? Email alerts that come
> in looks like this:
>
>
>
>
> Subject: [Bro] cron: stats-to-csv failed
> Body:
> stats-to-csv failed
> --
> [Automatically generated.]
>
> I started receiving these yesterday. They come in every 5 minutes and
> I've never received them before yesterday.
>
> Bro is running fine, my system is completely updated and everything looks
> good when I run a sostat (running BRO under Security Onion).
>
> Any insight is appreciated as I have no idea if they are something I
> should look into or not.
>
> Thanks
> Damon
>
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150119/758cfdd7/attachment.html
More information about the Bro
mailing list