[Bro] archive-log process apparently failing

John Daly longjohngolf at gmail.com
Fri Oct 16 11:15:03 PDT 2015


Brad,

At the time of log rotation, Bro copies all logs from the "current"
dir (more accurately spool/manager) to the archive directory
(logs/YYYY-MM-DD) and gzips the logs. Be sure that you have CPU and IO
cycles to do both of those tasks. If you want to optimize this, tweak
the following settings in the broctl.cfg:

* Set CompressLogs = 0. This will prevent broctl from compressing the
logs, freeing up CPU cycles at log rotation time.

* Set TraceSummary = "". This will prevent the connection summary
script from being run, freeing up CPU cycles at log rotation time.

-jd

