[Bro] Weird Log rotation in Bro IDS 2.5 Beta
Ludwig Goon
lagoon7 at gmail.com
Wed Nov 2 19:46:07 PDT 2016
Bro IDS was storing all of my files in the logs/current directory for the
last couple of days. I restarted bro to see if the files would rotate into
the proper directories instead I got this.
drwxr-xr-x 2 root root 36864 Nov 2 22:21 2000-00-
drwxr-xr-x 2 root root 4096 Nov 2 22:21 2000-25-
drwxr-xr-x 2 root root 4096 Nov 2 22:21 2000-33-
drwxr-xr-x 2 root root 4096 Nov 2 22:20 2000-35-
drwxr-xr-x 2 root root 4096 Nov 2 22:21 2000-36-
drwxr-xr-x 2 root root 4096 Nov 2 22:21 2010-22-
drwxr-xr-x 2 root root 4096 Nov 2 22:21 2011-27-
drwxr-xr-x 2 root root 4096 Nov 2 22:20 2011-37-
drwxr-xr-x 2 root root 4096 Oct 29 00:00 2016-10-28
drwxr-xr-x 2 root root 20480 Oct 30 00:00 2016-10-29
drwxr-xr-x 2 root root 20480 Oct 30 23:00 2016-10-30
drwxr-xr-x 2 root root 4096 Oct 31 22:54 2016-10-31
drwxr-xr-x 2 root root 4096 Nov 2 22:20 2031-32-
drwxr-xr-x 2 root root 4096 Nov 2 22:21 2039-49-
drwxr-xr-x 2 root root 4096 Nov 2 22:21 2057-18-
drwxr-xr-x 2 root root 4096 Nov 2 22:21 2057-19-
lrwxrwxrwx 1 root root 19 Nov 2 22:22 current -> /data/bro/spool/bro
Anyone got any ideas why this happened?
Also I used "broctl deploy" first then that ran for a couple of days then I
ran "broctl stop" that when the weirdness happened after I ran broctl
deploy.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20161102/e00afe3c/attachment.html
More information about the Bro
mailing list