[Bro] Different delimiter for archived log files?

Mike Eriksson mike at swedishmike.org
Wed Dec 6 00:31:54 PST 2017


All,

I've been looking through the documentation and config files but haven't
found anything relating to this - chances are still big that I've missed it
so please let me know if I have.

At the moment log files that gets rotated out/archived looks like this:

conn.17:00:00-18:00:00.log.gz

What causes trouble on certain operating systems here is the : (colon)
character. For example under Windows it is an invalid character for a file
name. If you try to copy the file off your Bro server, or some other
off-host storage that supports the file name, onto a Windows host it fails.

Sadly there's occasions when I need to get these files across to a Windows
host which means that I have to manually rename the files before I copy
them across.

Is there any configuration setting where this could be changed or would
this be a feature request for a future version?

Thanks in advance, Mike
-- 

twitter: https://twitter.com/swedishmike
github: http://github.com/swedishmike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20171206/f7163bcb/attachment.html 


More information about the Bro mailing list