[Bro] Rotate logs individually?

Daniel Thayer dnthayer at illinois.edu
Mon Nov 20 05:52:23 PST 2017


It works for me.


On 11/20/17 6:26 AM, craig bowser wrote:
> We have one particular bro log that fills up much faster than all the
> others. Is there a way to rotate that one log on a different
> timetable than the others?
>
> I found this in the documentation which seems to indicate that it is
> possible (the example given is for the conn.log):
>
> https://www.bro.org/sphinx-git/frameworks/logging.html#rotation 
>
> event bro_init()
>     {
>     local f = Log::get_filter(Conn::LOG, "default");
>     f$interv = 30 min;
>     Log::add_filter(Conn::LOG, f);
>     }
>
> Can you put this script into /usr/local/bro/share/bro/site/local.bro to
> force only that log to rotate on a different schedule?
>
> Thanks.

