[Bro] BroControl config to delete instead of archive on rotation

Azoff, Justin S jazoff at illinois.edu
Thu May 25 15:19:31 PDT 2017


> On May 25, 2017, at 3:52 PM, Daniel Thayer <dnthayer at illinois.edu> wrote:
> 
> On 5/25/17 2:07 PM, Vlad Grigorescu wrote:
>> I don't, but you could try just changing broctl.cfg: CompressCmd = rm
>> 
>> Which really is just (very) lossy compression... :-)
>> 
> 
> Doing that would result in an archived log file of zero length.
> To truly delete the log would currently require modifications
> to the archive-log script.

I think we already support this; it just was never intended to be used for this purpose:

The archive-log script does this:

# Run other postprocessors.
if [ -d "${postprocdir}" ]; then
    for pp in "${postprocdir}"/*; do
        nice "$pp" $@
    done
fi

# Test if the log still exists in case one of the postprocessors archived it.
if [ ! -f $file_name ]; then
    exit 0
fi

So I think all one needs to do is

    ln -s /bin/rm /usr/local/bro/share/broctl/scripts/postprocessors/rm

-- 
- Justin Azoff
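
Added example, not part of the original message and not BroControl's own code: because archive-log runs each postprocessor as `nice "$pp" $@`, a bare rm symlink is handed every argument archive-log received, not only the log file. The sketch below is a postprocessor script that deletes only the log file and can be limited to chosen log types. It assumes the rotated log's path is the first argument and its base name (for example "conn") the second; `DELETE_ONLY` and `delete_rotated_log` are hypothetical names.

```shell
#!/bin/sh
# Postprocessor sketch: delete a rotated log instead of archiving it.
# Assumption: $1 is the rotated log's path, $2 its base name (e.g. "conn").
# Any further arguments are ignored instead of being passed on to rm.

# Hypothetical setting: space-separated base names to delete.
# Empty means every rotated log is deleted.
DELETE_ONLY="${DELETE_ONLY:-}"

delete_rotated_log() {
    file_name=${1:-}
    base_name=${2:-}

    # Refuse anything that is not a plain file (missing, directory, symlink).
    if [ -z "$file_name" ] || [ -L "$file_name" ] || [ ! -f "$file_name" ]; then
        return 1
    fi

    # With an allowlist set, leave all other logs in place so that
    # archive-log still finds them and archives them as usual.
    if [ -n "$DELETE_ONLY" ]; then
        case " $DELETE_ONLY " in
            *" $base_name "*) ;;
            *) return 2 ;;
        esac
    fi

    # "--" ends option parsing, so a name starting with "-" is not a flag.
    rm -f -- "$file_name"
}

# Called with arguments when run as a postprocessor; a refusal or a skip
# is not reported as a failure to the caller.
if [ "$#" -gt 0 ]; then
    delete_rotated_log "$@" || true
fi
```

Saved as an executable file in the postprocessors directory named above, it takes the place of the rm symlink.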




