[Bro] Rotate logs individually?

craig bowser reswob10 at gmail.com
Mon Nov 20 04:26:56 PST 2017


We have one particular bro log that fills up much faster than all the
others. Is there a way to rotate that one log on a different timetable
than the others?



I found this in the documentation which seems to indicate that it is
possible (the example given is for the conn.log):



https://www.bro.org/sphinx-git/frameworks/logging.html#rotation

event bro_init()
    {
    local f = Log::get_filter(Conn::LOG, "default");
    f$interv = 30 min;
    Log::add_filter(Conn::LOG, f);
    }

Can you put this script into /usr/local/bro/share/bro/site/local.bro to
force only that log to rotate on a different schedule?





Thanks.