Bro Digest, Vol 126, Issue 56

All resolved now. I noticed the cron job was in place for broctl tasks, and also, even though I configured node.cfg back from a cluster to a standalone instance and re-ran deploy, it had PIDs for both standalone and clustered processes. So I rebooted the system and it was logging and gzipping in the JSON output I want, and it is now consuming a lot less resources and disk on our SIEM. ASCII had a 3:1 compression ratio of inflation! So JSON is a much more efficient use of space.

The JSON log entries need to include the field names in every record. There is no possible way that the JSON logs are more space efficient.