[Bro] Timemachine question - pkts_to_disk did not flush

[Chris Chiaverini]

Please help.

I was collecting something in particular an noticed that timemachine is 
not flushing to disk as expected.

I have my "all" class set to 100 packets and the class log shows 108 
packets but there is no pcap file yet.  Is there a way to force 
timemachine to flush to disk (kill switch maybe?)?

This is my timemachine.cfg:

global filter is by host

<OMITTED>

         filter "host xxx.xxx.xxx.xxx";
<OMITTED>

class "all" {
         #filter "";
         precedence 1;
         cutoff no;
         disk 50g;
         filesize 128m;
         mem 5000m;
         pkts_to_disk 100;
}

Here is the class log:

# head -1 classes.timemachine.log && tail -1 classes.timemachine.log
timestamp class stored_bytes stored_pkts cut_bytes cut_pkts mem_bytes 
mem_pkts mem_dt disk_bytes disk_pkts disk_dt
1495478432.93 class_all 7182 108 0 0 7182 108 541110.36 0 0 0.00
#


-- 


Regards,

Chris