/usr/local/zeek/spool/tmp/post-terminate log cleanup

g55xf9 · March 28, 2024, 1:49pm

Zeek v6.0.1

Does Zeek have a config setting or does it automatically clean up the post-terminate logs created every time Zeek stops?

Christian · April 13, 2024, 12:13am

Hi there,

Zeek’s ASCII log writer has a built-in mechanism (dubbed “shadow files”) to clean up leftover logs that it encounters on a subsequent run. There are also nuances to the log processing itself — if you’re using ZeekControl for your cluster, you’re likely post-processing your logs via archive-log. You could try the newer zeek-archiver instead, since it avoids some potential corner cases.

Best,
Christian

Topic		Replies	Views
Permissions of spool directory keeps changing Zeek	2	166	June 27, 2023
Zeek Supervisor: designing client and log archival behavior Development development	5	147	May 6, 2022
Zeek keeps crashing due to some weird error message Zeek	2	1516	October 18, 2022
Zeek manager process not terminating when restarting the zeek Zeek	0	180	October 10, 2022
Try.zeek and local zeek6.0.1 : missing entries Zeek logging	2	204	September 19, 2023

/usr/local/zeek/spool/tmp/post-terminate log cleanup

Related Topics