The problem with that approach is, that Bro would have to check that the
mapping in the files still match. If you change the scripts in-between,
the order or even the number of columns in the log-files might be
different. Which would mean that the header do not fit the file content
hat might give you really difficult to parse log-files if you do it by
On 15 Aug 2014, at 8:53, James Lay wrote:
On 2014-08-15 09:46, Seth Hall wrote:
On Aug 15, 2014, at 7:59 AM, James Lay
> So I run bro instead of broctl. Currently,
if I stop a running
> and start it again, bro overwrites any previous log files...is
> there a
> way to change this behavior? Thank you.
How would you like it to behave instead?
International Computer Science Institute
(Bro) because everyone has a network
To give me an option to append instead of overwrite. I imagine that
since broctl does all the file management that this could be a command
bro -i eth0 -n local.bro
where -n would be a no overwrite option. In a nutshell "if the files
don't exist, create them, if they do, just append, without the header,
to the current file". It could just be a single check on start.
How's that? Thanks Seth.
Bro mailing list