[Bro] Change location of log files?
Maerz, Stefan A.
maerzsa at ornl.gov
Fri Sep 1 07:05:43 PDT 2017
Broctl.conf file has a logging location. Scroll down to find it. Default place for it is /usr/local/bro/etc/broctl.conf
You can specify where both the current and rotated data is stored separately. This is what I have, the defaults are commented out:
# Location of the log directory where log files will be archived each rotation
# interval.
##LogDir = /usr/local/bro/logs
LogDir = /data/log
# Location of the spool directory where files and data that are currently being
# written are stored.
##SpoolDir = /usr/local/bro/spool
SpoolDir = /data/spool
Best Regards,
-Stefan
--
Stefan Maerz
HPC Cyber Security Engineer
Oak Ridge National Laboratory
National Center for Computational Sciences
Oak Ridge Leadership Computing Facility
maerzsa at ornl.gov
linkedin.com/in/stefanmaerz
> On Sep 1, 2017, at 9:34 AM, craig bowser <reswob10 at gmail.com> wrote:
>
>
>
> I've been looking thru the docs, but I don't see ( and perhaps I don't understand) if there is an option to change the location where bro writes all the log files.
>
> The default is /usr/local/bro/logs and I would like them to be written to a partition I created called /data
>
> /usr/local/bro/logs/current can stay where it is, but I'd like everything else to be moved.
>
> Thanks
>
> Craig
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170901/96a8fd25/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170901/96a8fd25/attachment.bin
More information about the Bro
mailing list