[Zeek] Roll over logs at specific time
raubvogel at gmail.com
Thu May 14 10:31:08 PDT 2020
On Thu, May 14, 2020 at 1:21 PM Greg Grasmehr <greg.grasmehr at caltech.edu> wrote:
> Is there a method to roll certain Zeek logs at a particular time instead
> of a count of seconds from 0000? I was hoping setting a log to roll
> after 86404 seconds, and then restarting Zeek at the time I wanted the
> log to roll, would roll the log then and then persist as the time to
> roll, but it also rolled at midnight, which makes sense of course for
> basic syslogging.
I think the main issue (you need to decide how much of an issue
it is) is that the informational emails depend on the same cronjob
(for lack of a better term) that rotates the logs. In my case I did
not care much about that, hoping warning emails will be sent
regardless, and I delegated log rotating to the system (rsyslog +
logrotate in my case).
> Thanks in advance for any advice.
> Greg Grasmehr
> Lead Information Security Analyst
> California Institute of Technology (Caltech)
> GPGMe: 38E2 F9BD A95E 9824 20AB 331A 9E29 D1A1 AAEE 5F42