[Bro] logging locally and to remote logger

erik clark philosnef at gmail.com
Mon Nov 14 06:35:18 PST 2016


So, if I use:

redef Log::enable_local_logging = T;

in a Bro worker cluster, what I find is that all the logs go to
/data/bro/spool/worker-1-X instead of all in /data/bro/logs/current on the
local machine... Is there a way to fix this?

Also, I would want to rotate logs out on the workers that are doing
additional local logging to have a much more constrained timeframe for
logging, specifically 1 week for local nodes, and 3 months for the logger
host.

Is the best way to do this just with a cron rm -rf /data/bro/logs/$date?
It seems this would run into a conflict with broctlconfig...

Thanks!