[Bro] Rotate logs individually?
Daniel Thayer
dnthayer at illinois.edu
Mon Nov 20 05:52:23 PST 2017
It works for me.
On 11/20/17 6:26 AM, craig bowser wrote:
> We have one particular bro log that fills up much faster than all the
> others. Is there a way to rotate that one log one a different
> timetable than the others?____
>
> __ __
>
> I found this in the documentation which seems to indicate that it is
> possible (the example given is for the conn.log):____
>
> __ __
>
> https://www.bro.org/sphinx-git/frameworks/logging.html#rotation
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.bro.org_sphinx-2Dgit_frameworks_logging.html-23rotation&d=DwMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=Bi5qPBnY0NmYPqnRTPj_AfXQKpfQTZUpCzpfFBcawv0&m=L8hn8vIcjCTKcv6EA6is69KSOcGUeSnlGtsLQBtf5RU&s=ul_hpaORoyS57rQ4txkikkfl3TYQBACXViS7THruN30&e=>____
>
> __ __
>
> __ __
>
> event bro_init()____
>
> {____
>
> local f = Log::get_filter(Conn::LOG, "default");____
>
> f$interv = 30 min;____
>
> Log::add_filter(Conn::LOG, f);____
>
> }____
>
> __ __
>
> __ __
>
> Can you put this script into /usr/local/bro/share/bro/site/local.bro to
> force only that log to rotate on a different schedule? ____
>
> __ __
>
> __ __
>
> Thanks.
More information about the Bro
mailing list