Buffered output on logs

Eric_Wages · December 22, 2006, 9:03pm

Question for you folks - clearly the logging functionality of Bro is buffered, but will it also be flushed after a certain time has expired as well?

I'm noticing that the alarm output file can have immediate writes, but something like the ssh output file will have 0 bytes until I manually checkpoint the server.

Your thoughts?

Thanks,

-Eric

Eric Wages
COLSA Corporation
Operations Manager, HMT ROC
256-721-0372, ext 110

Seth_Hall4 · December 22, 2006, 9:26pm

@load file-flush
redef file_flush_interval = 10 sec;

Log files will write to disk every 10 seconds.

.Seth

Eric_Wages · December 22, 2006, 9:27pm

Excellent! Thanks, Seth! That's just what I needed.

-Eric

Eric Wages
COLSA Corporation
Operations Manager, HMT ROC
256-721-0372, ext 110

Topic		Replies	Views
logging in bro Zeek	1	83	May 6, 2022
logging in bro Zeek	1	69	May 6, 2022
Is there any way to flush the conn log every so often Zeek	4	61	May 6, 2022
cluster manager log buffering Zeek	1	91	May 6, 2022
TimeStamp of Bro output Zeek	1	47	May 6, 2022

Buffered output on logs

Related Topics