[Zeek] Roll over logs at specific time

Mauricio Tavares raubvogel at gmail.com
Thu May 14 10:31:08 PDT 2020


On Thu, May 14, 2020 at 1:21 PM Greg Grasmehr <greg.grasmehr at caltech.edu> wrote:
>
> Hello,
>
> Is there a method to roll certain Zeek logs at a particular time instead
> of a count of seconds from 0000?  I was hoping setting a log to roll
> after 86404 seconds, and then restarting Zeek at the time I wanted the
> log to roll, would roll the log then and then persist as the time to
> roll, but it also rolled at midnight, which makes sense of course for
> basic syslogging.
>
I think the main issue (you need to decide how much of an issue
it is) is that the informational emails depend on the same cronjob
(for lack of a better term) that rotates the logs. In my case I did
not care much about that, hoping warning emails will be sent
regardless, and I delegated log rotation to the system (rsyslog +
logrotate in my case).

> Thanks in advance for any advice.
>
> --
> Sincerely,
>
> Greg Grasmehr
> Lead Information Security Analyst
> California Institute of Technology (Caltech)
> GPGMe: 38E2 F9BD A95E 9824 20AB  331A 9E29 D1A1 AAEE 5F42
> http://keys.gnupg.net/pks/lookup?search=0x9E29D1A1AAEE5F42
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek

