Anyone have experience with configuring BroControl to delete log files instead of archiving them upon rotation? I have a scenario where it’s better for me to delete the rotate log files instead of keeping them around.
Thanks!
Josh
BroControl doesn't actually archive logs (Bro does that by running
a script every time the logs are rotated). BroControl does have
an option to expire archived logs, so you could set something like
this in your broctl.cfg file:
LogExpireInterval = 1hr
You could also turn off compression to reduce the load on your
machine:
CompressLogs = 0
A more drastic option is to modify the archive-log script to delete
the logs before they are archived.