[Zeek] Decreasing Log Cycle Time
Peter Hallin
peter.hallin at ldc.lu.se
Wed Sep 4 08:35:46 PDT 2019
Hello Michael,
In your broctl.cfg file, you can set the rotation interval to 300
seconds with:
LogRotationInterval = 300
Also, if you want to disable gzip on rotation, use this:
CompressLogs = 0
Brgds,
Peter
On 2019-09-04 11:03, Michael Gez wrote:
> Hi all,
>
> If I am not mistaken, Bro/Zeek cycles logs hourly.
> This cycle is causing some unpredictable behavior in my tailing algorithm.
>
> If i could set it to cycle every 5 minutes rather than on the hour, it
> would be very beneficial to testing and resolving issues.
> Is there a way I can reduce the amount of time Bro takes in between log
> cycles?
>
> Thanks!
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
More information about the Zeek
mailing list