[Zeek] Letting system handle log rotation

Mauricio Tavares raubvogel at gmail.com
Tue Apr 21 05:34:07 PDT 2020


On Mon, Apr 20, 2020 at 8:30 AM Mauricio Tavares <raubvogel at gmail.com> wrote:
>
>       I have the system's syslog to do the log rotation, including
> renaming, just the way I want. If I set LogRotationInterval = 0, would
> zeek then let the system do its thing?

Got it to work:

[raub at testcentos log]$ sudo ls -lh /var/log/bro/old
total 16M
-rw-r--r-- 1 root root  14K Apr 21 03:39 capture_loss.log-20200421
-rw-r--r-- 1 root root 3.6M Apr 21 03:39 communication.log-20200421
-rw-r--r-- 1 root root 6.4M Apr 21 03:39 conn.log-20200421
-rw-r--r-- 1 root root 970K Apr 21 03:39 dns.log-20200421
-rw-r--r-- 1 root root 177K Apr 21 03:39 files.log-20200421
-rw-r--r-- 1 root root 120K Apr 21 03:39 http.log-20200421
-rw-r--r-- 1 root root  27K Apr 21 03:39 loaded_scripts.log-20200421
-rw-r--r-- 1 root root  187 Apr 21 03:39 packet_filter.log-20200421
-rw-r--r-- 1 root root  529 Apr 21 03:39 reporter.log-20200421
-rw-r--r-- 1 root root  30K Apr 21 03:39 sip.log-20200421
-rw-r--r-- 1 root root  24K Apr 21 03:39 ssl.log-20200421
-rw-r--r-- 1 root root 118K Apr 21 03:39 stats.log-20200421
-rw-r--r-- 1 root root  188 Apr 21 03:39 stdout.log-20200421
-rw-r--r-- 1 root root  580 Apr 21 03:39 top_dns.log-20200421
-rw-r--r-- 1 root root 3.8M Apr 21 03:39 weird.log-20200421
[raub at testcentos log]$ sudo ls -lh /var/log/bro/current
total 12M
-rw-r--r-- 1 root root  22K Apr 21 12:13 capture_loss.log
-rw-r--r-- 1 root root 5.7M Apr 21 12:22 communication.log
-rw-r--r-- 1 root root  11M Apr 21 12:22 conn.log
-rw-r--r-- 1 root root 1.6M Apr 21 12:22 dns.log
-rw-r--r-- 1 root root 283K Apr 21 12:22 files.log
-rw-r--r-- 1 root root 191K Apr 21 12:22 http.log
-rw-r--r-- 1 root root    0 Apr 21 03:39 loaded_scripts.log
-rw-r--r-- 1 root root  784 Apr 20 20:42 notice.log
-rw-r--r-- 1 root root    0 Apr 21 03:39 packet_filter.log
-rw-r--r-- 1 root root    0 Apr 21 03:39 reporter.log
-rw-r--r-- 1 root root  42K Apr 21 12:03 sip.log
-rw-r--r-- 1 root root  36K Apr 21 12:21 ssl.log
-rw-r--r-- 1 root root 190K Apr 21 12:19 stats.log
-rw-r--r-- 1 root root    0 Apr 20 13:28 stderr.log
-rw-r--r-- 1 root root    0 Apr 21 03:39 stdout.log
-rw-r--r-- 1 root root    0 Apr 21 03:39 top_dns.log
-rw-r--r-- 1 root root 6.1M Apr 21 12:22 weird.log
-rw-r--r-- 1 root root 1.3K Apr 21 02:26 x509.log
[raub at testcentos log]$

