[Bro] logging locally and to remote logger
erik clark
philosnef at gmail.com
Mon Nov 14 06:35:18 PST 2016
So, if I use:
redef Log::enable_local_logging
in a bro worker cluster, what I find is that all the logs go to
/data/bro/spool/worker-1-X instead of all in /data/bro/logs/current on the
local machine... Is there a way to fix this?
Also, I would want to rotate logs out on the workers that are doing
additional local logging to have a much more constrained timeframe for
logging, specifically 1 week for local nodes, and 3 months for the logger
host.
Is the best way to do this just with a cron rm -rf /data/bro/logs/$date ?
It seems this would run into a conflict with broctlconfig....
Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20161114/a18810d2/attachment.html
More information about the Bro
mailing list