[Bro] logs in bro/spool/manager not consistent with archived logs

Duba, Andrew andrew_duba at wustl.edu
Thu Jun 18 11:13:50 PDT 2015


I'm running bro in my test environment, and if I do an ls on the directory where current logs are supposed to be stored, I get this:

root at spot:/usr/local/bro/logs# ls /usr/local/bro/spool/manager
communication.log  loaded_scripts.log  reporter.log  stderr.log  stdout.log


If I run an ls in one of the archived directories, I get this:

app_stats.00:00:00-01:00:00.log.gz      conn.06:00:00-07:00:00.log.gz          dpd.07:00:00-08:00:00.log.gz          known_services.00:00:00-01:00:00.log.gz  reporter.12:49:56-12:58:35.log.gz  ssl.12:00:00-13:00:00.log.gz
app_stats.01:00:00-02:00:00.log.gz      conn.07:00:00-08:00:00.log.gz          dpd.08:00:00-09:00:00.log.gz          known_services.01:00:00-02:00:00.log.gz  reporter.13:02:38-13:06:00.log.gz  tunnel.07:00:00-08:00:00.log.gz
app_stats.02:00:00-03:00:00.log.gz      conn.08:00:00-09:00:00.log.gz          dpd.09:00:00-10:00:00.log.gz          known_services.09:00:00-10:00:00.log.gz  snmp.00:00:00-01:00:00.log.gz      tunnel.08:00:00-09:00:00.log.gz
app_stats.03:00:00-04:00:00.log.gz      conn.09:00:00-10:00:00.log.gz          dpd.10:00:00-11:00:00.log.gz          known_services.12:00:00-13:00:00.log.gz  snmp.01:00:00-02:00:00.log.gz      tunnel.10:00:00-11:00:00.log.gz
app_stats.04:00:00-05:00:00.log.gz      conn.10:00:00-11:00:00.log.gz          dpd.11:00:00-12:00:00.log.gz          loaded_scripts.12:45:56-12:58:35.log.gz  snmp.02:00:00-03:00:00.log.gz      tunnel.11:00:00-12:00:00.log.gz
app_stats.05:00:00-06:00:00.log.gz      conn.11:00:00-12:00:00.log.gz          dpd.12:00:00-13:00:00.log.gz          loaded_scripts.12:58:38-13:00:00.log.gz  snmp.03:00:00-04:00:00.log.gz      tunnel.12:00:00-13:00:00.log.gz
app_stats.06:00:00-07:00:00.log.gz      conn.12:00:00-13:00:00.log.gz          files.00:00:00-01:00:00.log.gz        notice.00:00:00-01:00:00.log.gz          snmp.09:00:00-10:00:00.log.gz      weird.00:00:00-01:00:00.log.gz
app_stats.07:00:00-08:00:00.log.gz      conn-summary.00:00:00-01:00:00.log.gz  files.01:00:00-02:00:00.log.gz        notice.01:00:00-02:00:00.log.gz          snmp.10:00:00-11:00:00.log.gz      weird.01:00:00-02:00:00.log.gz
app_stats.08:00:00-09:00:00.log.gz      conn-summary.01:00:00-02:00:00.log.gz  files.02:00:00-03:00:00.log.gz        notice.02:00:00-03:00:00.log.gz          snmp.11:00:00-12:00:00.log.gz      weird.02:00:00-03:00:00.log.gz
app_stats.09:00:00-10:00:00.log.gz      conn-summary.02:00:00-03:00:00.log.gz  files.03:00:00-04:00:00.log.gz        notice.03:00:00-04:00:00.log.gz          software.00:00:00-01:00:00.log.gz  weird.03:00:00-04:00:00.log.gz
app_stats.10:00:00-11:00:00.log.gz      conn-summary.03:00:00-04:00:00.log.gz  files.04:00:00-05:00:00.log.gz        notice.04:00:00-05:00:00.log.gz          software.01:00:00-02:00:00.log.gz  weird.04:00:00-05:00:00.log.gz
...

Is there a configuration directive that I'm missing?

Thanks in advance for any help.

-Andrew
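Added example (not part of the original post, and not Bro or BroControl code): a small script that makes the comparison above mechanical. It parses the two file-name shapes shown in the post, "<stream>.log" in the spool directory and "<stream>.<HH:MM:SS>-<HH:MM:SS>.log.gz" in an archive directory, reports which log streams the archive has that the spool currently lacks (and the reverse), and flags archived files whose rotation window is not a full hour-aligned interval, such as the reporter and loaded_scripts files in the listing. The sample names are taken from the listing in the post; the directory paths in compare_paths are the ones the post shows, and the assumption that rotation happens hourly is the caller's to set.

```python
import os
import re
from datetime import datetime, timedelta
from typing import Iterable, List, Optional, Set, Tuple

# Two file-name shapes appear in the post:
#   spool:   "<stream>.log"                            (still being written)
#   archive: "<stream>.<HH:MM:SS>-<HH:MM:SS>.log.gz"   (rotated and compressed)
LOG_NAME = re.compile(
    r"^(?P<stream>[^.]+)\."
    r"(?:(?P<start>\d{2}:\d{2}:\d{2})-(?P<end>\d{2}:\d{2}:\d{2})\.)?"
    r"log(?:\.gz)?$"
)

# Constructed sample input, copied from the listings in the post (a subset of the archive).
SPOOL_SAMPLE = ["communication.log", "loaded_scripts.log", "reporter.log",
                "stderr.log", "stdout.log"]
ARCHIVE_SAMPLE = [
    "app_stats.00:00:00-01:00:00.log.gz", "conn.06:00:00-07:00:00.log.gz",
    "conn-summary.00:00:00-01:00:00.log.gz", "dpd.07:00:00-08:00:00.log.gz",
    "files.00:00:00-01:00:00.log.gz", "known_services.00:00:00-01:00:00.log.gz",
    "loaded_scripts.12:45:56-12:58:35.log.gz", "loaded_scripts.12:58:38-13:00:00.log.gz",
    "notice.00:00:00-01:00:00.log.gz", "reporter.12:49:56-12:58:35.log.gz",
    "reporter.13:02:38-13:06:00.log.gz", "snmp.00:00:00-01:00:00.log.gz",
    "software.00:00:00-01:00:00.log.gz", "ssl.12:00:00-13:00:00.log.gz",
    "tunnel.07:00:00-08:00:00.log.gz", "weird.00:00:00-01:00:00.log.gz",
]


def parse_log_name(name: str) -> Optional[Tuple[str, Optional[Tuple[str, str]]]]:
    """Return (stream, None) for a spool log, (stream, (start, end)) for an archived
    log, or None if the name does not look like a Bro log file at all."""
    m = LOG_NAME.match(name)
    if not m:
        return None
    if m.group("start") is None:
        return m.group("stream"), None
    return m.group("stream"), (m.group("start"), m.group("end"))


def stream_names(names: Iterable[str]) -> Set[str]:
    """Collapse file names to the set of log streams they belong to."""
    streams: Set[str] = set()
    for name in names:
        parsed = parse_log_name(name)
        if parsed is not None:
            streams.add(parsed[0])
    return streams


def compare_logs(spool: Iterable[str], archive: Iterable[str]) -> Tuple[List[str], List[str]]:
    """Return (streams archived but absent from the spool, streams in the spool but
    never archived), both sorted."""
    cur, arc = stream_names(spool), stream_names(archive)
    return sorted(arc - cur), sorted(cur - arc)


def off_schedule_windows(archive: Iterable[str],
                         interval: timedelta = timedelta(hours=1)) -> List[str]:
    """Archived files whose window is not one full interval starting on an interval
    boundary; hourly rotation is an assumption, and such files usually mean the log
    was rotated early (for example when the process was restarted)."""
    flagged = []
    for name in archive:
        parsed = parse_log_name(name)
        if parsed is None or parsed[1] is None:
            continue
        start, end = (datetime.strptime(t, "%H:%M:%S") for t in parsed[1])
        if end < start:                       # window crosses midnight
            end += timedelta(days=1)
        start_secs = start.hour * 3600 + start.minute * 60 + start.second
        aligned = start_secs % int(interval.total_seconds()) == 0
        if not aligned or end - start != interval:
            flagged.append(name)
    return sorted(flagged)


def compare_paths(spool_dir: str = "/usr/local/bro/spool/manager",
                  archive_dir: str = "/usr/local/bro/logs") -> Tuple[List[str], List[str]]:
    """Same comparison against real directories (paths as shown in the post)."""
    return compare_logs(os.listdir(spool_dir), os.listdir(archive_dir))


if __name__ == "__main__":
    missing, extra = compare_logs(SPOOL_SAMPLE, ARCHIVE_SAMPLE)
    print("archived but not in spool:", ", ".join(missing))
    print("in spool but never archived:", ", ".join(extra))
    print("rotated off schedule:", ", ".join(off_schedule_windows(ARCHIVE_SAMPLE)))
```

Run against the sample it lists conn, dpd, files and the other traffic streams as archived but absent from the spool, and stderr/stdout/communication as spool-only; pointing compare_paths at the live directories gives the same report for a running installation.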
