Thanks Robin - I think this is exactly what I was looking for.
I tried adding what you recommended to my local.bro and then did a
but the connection summary email is still going out on the hour.
Is there something else that I need to do?
On Wed, May 30, 2012 at 2:27 PM, Robin Sommer <robin(a)icir.org> wrote:
On Wed, May 30, 2012 at 10:39 -0400, you wrote:
I don't like getting an email from broctl
every hour, though. Is
there a way to get a daily report, instead of an hourly report?
It's indeed coupled to log rotation currently, but you can change that
by redefining the rotation interval for the alarm summaries. Try this
local f = Log::get_filter(Notice::ALARM_LOG, "alarm-mail");
f$interv = 1day;
1. When logs are rotated (per default once a
Ah, that's outdated, the default log rotation used to be once a day,
but is now once an hour.
"LogRotationInterval (int, default 3600)
We should add a second option here that defines the rotation interval
for the alarm summaries separately.
Robin Sommer * Phone +1 (510) 722-6541 * robin(a)icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org