[Zeek] Roll over logs at specific time

Greg Grasmehr greg.grasmehr at caltech.edu
Thu May 14 10:12:18 PDT 2020


Is there a method to roll certain Zeek logs at a particular time instead
of a count of seconds from 0000?  I was hoping setting a log to roll
after 86404 seconds, and then restarting Zeek at the time I wanted the
log to roll, would roll the log then and then persist as the time to
roll, but it also rolled at midnight, which makes sense of course for
basic syslogging.

Thanks in advance for any advice.


Greg Grasmehr
Lead Information Security Analyst
California Institute of Technology (Caltech)
GPGMe: 38E2 F9BD A95E 9824 20AB  331A 9E29 D1A1 AAEE 5F42

More information about the Zeek mailing list