Hello Guys,
I have another doubt about logs in bro. I have changed the following line in the rotate-logs.bro file:
global date_format = "%y-%m-%d_%H.%M.%S" &redef;
to
global date_format = "%y%m%d%H%M%S" &redef;
But the logs are still being created with the old format. I have searched all files in the policy directory for a redef of this variable but it doesn't exist.
conn.bro.07-01-10_14.27.21
Thanks,
Diogo Corteletti
I have another doubt about logs in bro. I have changed
the following line in the rotate-logs.bro file:global date_format = "%y-%m-%d_%H.%M.%S" &redef;
to
global date_format = "%y%m%d%H%M%S" &redef;
But the logs are still being created with the old format.
This, plus the patch Robin sent you failing to fix the other problem, imply
very strongly that you have some search path issues such that you're not
executing the version of Bro that you think you are. One thing to do in
this regard is run Bro and then use ls -lu to see whether the access times
on the your modified files such as rotate-logs.bro change. If not, then
you know they're not being read at run-time.
Vern