15 May
2010
15 May
'10
7:33 p.m.
hi guys,
Is there an easy way to rotate bro log(in $BROHOME/spool/bro) to 'per day
log' after 24 hours and only archive it in gzip format after 48 hours?
Thanks
--
Best Regards,
CS Lee<geek00L[at]gmail.com>
http://geek00l.blogspot.com
http://defcraft.net
19 May
19 May
9:06 p.m.
On Sun, May 16, 2010 at 10:33 +0800, you wrote:
Is there an easy way to rotate bro log(in
$BROHOME/spool/bro) to 'per day
log' after 24 hours and only archive it in gzip format after 48 hours?
Not out of the box, but the rotation is done via the script defined
by RotateLogs::default_postprocessor. Per default, that is set to
"<prefix>/share/broctl/scripts/archive-log" so you could take that
one as template to write your own.
Robin
--
Robin Sommer * Phone +1 (510) 666-2886 * robin(a)icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org
4389
days inactive
4393
days old
1 comments
2 participants
participants (2)
-
CS Lee -
Robin Sommer