List: bro
Subject: [Bro] Bro restart not saving logs properly
From: "William L. Jones" <jones () tacc ! utexas ! edu>
Date: 2009-06-25 19:18:51
Message-ID: 0E07074B82CE4B4A9982802A8484B6968364AD461F () EXCHANGE2K7 ! tacc ! utexas ! edu
I noticed that when I restart bro using the cluster command, the current manager logs are not saved. What ends up in the logs directive is data for only a few minutes, as if bro reopened the logs before terminating.
Could someone verify that bro works properly under bsd?
I am running bro under linux and suspect that this is only a problem under linux and not bsd.
Bill Jones
-----Original Message-----
From: Robin Sommer [mailto:robin@icir.org]
Sent: Tuesday, June 23, 2009 3:50 PM
To: William L. Jones
Cc: bro@bro-ids.org
Subject: Re: [Bro] Is there any way to flush the conn log every so often
On Tue, Jun 23, 2009 at 13:30 -0500, you wrote:
> I would like to force a flush on it every so often. Is there a way
> to do this through a bro config file.
Yes, there are two options:
- file-flush.bro flushes all logs regularly (default: every 10s).
- the built-in function set_buf() disables buffering for a
particular log file; see the bro_init() handler in remote.bro for an
example. If there's not much traffic on the line, disabling the
buffering for conn.log shouldn't be a problem.
Robin
--
Robin Sommer * Phone +1 (510) 666-2886 * robin@icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org