[Bro] ascii logger: unexpected modification to default_rotation_postprocessor_cmd and default_rotation_date_format during runtime
Frank Meier
franky.meier.1 at gmx.de
Tue May 15 03:28:11 PDT 2018
Hi!
I noticed a strange behavior: my bro 2.5.3 running on Linux for about 15
days suddenly "forgot" my settings for
Log::default_rotation_postprocessor_cmd and
Log::default_rotation_date_format.
When the change happened, the rotated files piled up, because the
post-processing script was not started. Also the filenames did no
longer contain the time zone. (I use Log::default_rotation_date_format =
%Y-%m-%d-%H-%M-%S%Z to avoid file name collisions when switching
to/from daylight-saving time).
A quick look at the code was not enough to understand the way rotation
works. I can spend more time, if nobody comes up with an explanation. I
can only assume, that some internal error in bro resets the values
without an error showing up (or the error was lost in bro's tmux
session).
Restarting bro helped for now.
Thanks for any ideas.
Franky.
More information about the Bro
mailing list