[Zeek] Decreasing Log Cycle Time
Eric Ooi
ericooi at gmail.com
Wed Sep 4 08:36:52 PDT 2019
Hi Michael,
You should be able to do this by changing the “LogRotationInterval” variable in /opt/bro/etc/broctl.cfg (assuming you installed bro in /opt/). By default it’s set to 3600 seconds (1 hour), so setting this to 300 should change this to 5 minutes. You’ll then have to stop Bro (broctl stop) and redeploy (broctl deploy) for the changes to take effect.
Hope that helps!
Eric
ericooi.com
> On Sep 4, 2019, at 10:03 AM, Michael Gez <mgezz66 at gmail.com> wrote:
>
> Hi all,
>
> If I am not mistaken, Bro/Zeek cycles logs hourly.
> This cycle is causing some unpredictable behavior in my tailing algorithm.
>
> If I could set it to cycle every 5 minutes rather than on the hour, it would be very beneficial to testing and resolving issues.
> Is there a way I can reduce the amount of time Bro takes in between log cycles?
>
> Thanks!
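A tailer that follows the log by path, rather than by open file handle alone, behaves the same whether rotation happens hourly or every 5 minutes. The sketch below is an added example, not code from this thread; it assumes rotation renames the current log and creates a new file at the same path, and the class name `RotationAwareTail` and the file names are hypothetical.

```python
import os
import tempfile

class RotationAwareTail:
    """Follow a log by path across rename-and-recreate rotation (assumed model)."""
    def __init__(self, path):
        self.path, self.fh, self.inode, self.buf = path, None, None, b""

    def _reopen(self):
        new = open(self.path, "rb")  # may raise FileNotFoundError mid-rotation
        if self.fh:
            self.fh.close()
        self.fh = new
        # Reset buf: an unterminated fragment of the old file is dropped.
        self.inode, self.buf = os.fstat(new.fileno()).st_ino, b""

    def _drain(self):
        # Read what is new on the open handle; keep an unterminated tail in buf.
        if self.fh is None:
            return []
        self.buf += self.fh.read()
        *lines, self.buf = self.buf.split(b"\n")
        return [l.decode("utf-8", "replace") for l in lines]

    def poll(self):
        lines = self._drain()
        try:
            if os.stat(self.path).st_ino != self.inode:  # first poll, or a new file
                lines += self._drain()                   # last writes to the old file
                self._reopen()
                lines += self._drain()
        except FileNotFoundError:
            pass  # path briefly absent during rotation; retry on the next poll
        return lines

def demo():
    # Constructed sample: two writes, a simulated rotation, a write to the new file.
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "conn.log")
        tail, seen = RotationAwareTail(log), []
        with open(log, "a") as f:
            f.write("a\nb\n")
        seen += tail.poll()
        with open(log, "a") as f:
            f.write("c\n")          # written just before the rotation
        os.rename(log, os.path.join(d, "conn.rotated.log"))
        with open(log, "a") as f:
            f.write("d\n")          # first line of the new file
        seen += tail.poll()
        tail.fh.close()
        return seen
```

The old handle is drained before the switch, so a line written just before the rename is not lost, and the inode comparison is what tells a rotation apart from a quiet period.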