[Bro] Change location of log files?
craig bowser
reswob10 at gmail.com
Fri Sep 1 08:13:47 PDT 2017
Thanks!
On 1 Sep 2017 10:05 am, "Maerz, Stefan A." <maerzsa at ornl.gov> wrote:
> Broctl.conf file has a logging location. Scroll down to find it. Default
> place for it is /usr/local/bro/etc/broctl.conf
>
> You can specify where both the current and rotated data is stored
> separately. This is what I have, the defaults are commented out:
>
> # Location of the log directory where log files will be archived each
> rotation
> # interval.
> ##LogDir = /usr/local/bro/logs
> LogDir = /data/log
>
> # Location of the spool directory where files and data that are currently
> being
> # written are stored.
> ##SpoolDir = /usr/local/bro/spool
> SpoolDir = /data/spool
>
>
> Best Regards,
> -Stefan
>
>
> --
> Stefan Maerz
> HPC Cyber Security Engineer
> Oak Ridge National Laboratory
> National Center for Computational Sciences
> Oak Ridge Leadership Computing Facility
> maerzsa at ornl.gov
> linkedin.com/in/stefanmaerz
>
> On Sep 1, 2017, at 9:34 AM, craig bowser <reswob10 at gmail.com> wrote:
>
>
>
> I've been looking thru the docs, but I don't see ( and perhaps I don't
> understand) if there is an option to change the location where bro writes
> all the log files.
>
> The default is /usr/local/bro/logs and I would like them to be written to
> a partition I created called /data
>
> /usr/local/bro/logs/current can stay where it is, but I'd like everything
> else to be moved.
>
> Thanks
>
> Craig
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170901/3c52f89b/attachment-0001.html
More information about the Bro
mailing list