[Bro] Different delimiter for archived log files?

Mike Eriksson mike at swedishmike.org
Wed Dec 6 09:24:53 PST 2017


Jon,

Sweet - many thanks for that. I'll give that a go.

Just shows how well I can read/search for info. ;-)

Cheers, Mike

On Wed, Dec 6, 2017 at 4:34 PM Jon Siwek <jsiwek at corelight.com> wrote:

> On Wed, Dec 6, 2017 at 2:31 AM, Mike Eriksson <mike at swedishmike.org> wrote:
>
> > At the moment log files that get rotated out/archived look like this:
> >
> > conn.17:00:00-18:00:00.log.gz
> >
> > ...
> >
> > Is there any configuration setting where this could be changed or would this
> > be a feature request for a future version?
>
> There's a bit in the broctl FAQ about changing the format of archived
> filenames that you can try out:
>
>
> https://www.bro.org/sphinx/components/broctl/README.html#questions-and-answers
>
> Basically says to set the MakeArchiveName option in your broctl.cfg to
> point at a custom script which outputs your desired format and you can
> use the existing make-archive-name script as an example.
>
> - Jon
>
-- 

twitter: https://twitter.com/swedishmike
github: http://github.com/swedishmike
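
The approach Jon describes, sketched as an added example that is not part of the original thread and is not the broctl make-archive-name script. The argument order, the timestamp shape and the script path are assumptions to check against the installed make-archive-name script, and the colon-free output format is constructed here because the thread does not state the desired one.

```shell
#!/bin/sh
# Added example, not the broctl make-archive-name script.
# ASSUMPTION: broctl calls the script as
#   <script> <log-name> <writer> <opened> [<closed>]
# with timestamps shaped like 2017-12-06-17-00-00, and uses the printed line
# as the archive path relative to the log directory. Confirm against the
# make-archive-name script shipped with your installation.
# broctl.cfg (placeholder path):
#   MakeArchiveName = /usr/local/bin/archive-name-nocolon

is_ts() {
    # case patterns match the whole string, so embedded newlines or
    # trailing junk cannot slip past the check.
    case $1 in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]-[0-9][0-9]-[0-9][0-9]-[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

compact_time() {
    # 2017-12-06-17-00-00 -> 170000 (subshell keeps the IFS change local)
    ( IFS=-; set -- $1; printf '%s%s%s' "$4" "$5" "$6" )
}

archive_name() {
    name=$1 opened=$3 closed=${4:-}
    # The output becomes a file path: refuse slashes, leading dots and
    # any character outside a conservative allow-list.
    case $name in
        ''|.*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    is_ts "$opened" || return 1
    out="${opened%-*-*-*}/$name.$(compact_time "$opened")"
    if [ -n "$closed" ]; then
        is_ts "$closed" || return 1
        out="$out-$(compact_time "$closed")"
    fi
    printf '%s\n' "$out"
}

# Only act when invoked with arguments, as broctl would do.
if [ "$#" -gt 0 ]; then
    archive_name "$@"
fi
```

With the assumed arguments `conn ascii 2017-12-06-17-00-00 2017-12-06-18-00-00` the script prints `2017-12-06/conn.170000-180000`, and it exits non-zero without output for a name or timestamp that fails validation.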