[Bro] Multiple log streams

Jan Grashöfer jan.grashoefer at gmail.com
Mon May 16 11:44:11 PDT 2016


Hi Jay,

> I'm seeing only a fraction of the total logs being written as JSON -- it
> varies between about 25-40%.

Do you miss single log lines or complete log files? In case you are
missing single log lines: Is there any pattern (e.g. a certain type of
event is missing or just a subset of logs is affected)?

In case you are running a cluster, it might be interesting to log the
node (see
https://github.com/0xxon/bro-scripts/blob/master/conn-workers.bro).

Best regards,
Jan

