On 12/14/16 9:31 AM, Robin Sommer wrote:
On Tue, Dec 13, 2016 at 20:22 +0000, you wrote:
The way it was originally written must have
assumed the logs were
going to be archived to a different filesystem.
Yes, indeed, pretty sure that was the reason. If we just replaced "cp"
with "mv" that would still be an issue, right? We'd need something a
bit more smart that does the right thing in either case, like Python's
I'm not aware of any variety of Linux or BSD where the "mv" command
can't handle moving a file to a different filesystem.
I think the real issue is that with "mv", a copy of the log
would no longer be in the working directory, which is only
an issue if Bro had crashed (that's when post-terminate
runs archive-log with the "-c" option, which indicates that
we shouldn't remove the log after archiving it).