[Bro] Different delimiter for archived log files?

Jon Siwek jsiwek at corelight.com
Wed Dec 6 08:34:09 PST 2017


On Wed, Dec 6, 2017 at 2:31 AM, Mike Eriksson <mike at swedishmike.org> wrote:

> At the moment log files that get rotated out/archived look like this:
>
> conn.17:00:00-18:00:00.log.gz
>
> ...
>
> Is there any configuration setting where this could be changed or would this
> be a feature request for a future version?

There's a bit in the broctl FAQ about changing the format of archived
filenames that you can try out:

https://www.bro.org/sphinx/components/broctl/README.html#questions-and-answers

Basically says to set the MakeArchiveName option in your broctl.cfg to
point at a custom script which outputs your desired format and you can
use the existing make-archive-name script as an example.

- Jon
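
A sketch of such a custom script, as an added example that is not part of the original message and is not the stock broctl make-archive-name script. The argument order, the YYYY-MM-DD-HH-MM-SS timestamp format, the `ARCHIVE_DELIM` variable and the install path in the comment are assumptions to check against your installed make-archive-name. Because the output is used as a file path, the inputs are validated before anything is printed.

```shell
#!/bin/sh
# Added example; point broctl.cfg at it with, e.g. (placeholder path):
#   MakeArchiveName = /usr/local/bro/share/broctl/scripts/my-archive-name
# Assumed arguments (verify against your installed make-archive-name):
#   $1 log base name (conn)   $2 extension (log)
#   $3 open time, $4 close time, both assumed YYYY-MM-DD-HH-MM-SS
DELIM="${ARCHIVE_DELIM:-.}"            # hypothetical knob: replaces ":" in times
case "$DELIM" in [._]) ;; *) DELIM=. ;; esac

make_archive_name() {
    name=$1 ext=$2 opened=$3 closed=$4
    # The result becomes a path below the archive directory, so refuse
    # anything that could escape it (slashes, "..") or is empty.
    for v in "$name" "$ext"; do
        case "$v" in
            ""|*[!A-Za-z0-9_.-]*|*..*) echo "bad name or extension" >&2; return 1 ;;
        esac
    done
    ts='[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]-[0-9][0-9]-[0-9][0-9]-[0-9][0-9]'
    for v in "$opened" "$closed"; do
        case "$v" in $ts) ;; *) echo "bad timestamp" >&2; return 1 ;; esac
    done
    day=${opened%-*-*-*}                                  # 2017-12-06
    from=$(printf %s "${opened#*-*-*-}" | tr - "$DELIM")  # 17.00.00
    to=$(printf %s "${closed#*-*-*-}" | tr - "$DELIM")    # 18.00.00
    printf '%s/%s.%s-%s.%s\n' "$day" "$name" "$from" "$to" "$ext"
}

# When invoked as a script, print the archive name for the given arguments.
if [ "$#" -gt 0 ]; then
    make_archive_name "$@"
fi
```
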

