[Bro] local.bro causing memory leak

fatema bannatwala fatema.bannatwala at gmail.com
Wed Mar 21 12:04:17 PDT 2018


Hey Ben,

So, if the whole purpose of doing file renaming was just for Splunk
streaming, then I wonder why it won't work for you to just have the
forwarder keep monitoring the log files in the current Bro log dir.
We are also a Splunk shop, and index some of our Bro logs into Splunk using
a Splunk forwarder running on our Bro manager, and just monitoring the
logs/current/ dir for the types of logs we want to index.
It's a very basic setup, works without any issues on our side. Wonder why
it would create a problem in your situation. Hmm (or I might have
misinterpreted the problem :) ).

Fatema.