Change location of log files?

craig_bowser · September 1, 2017, 1:34pm

I’ve been looking thru the docs, but I don’t see ( and perhaps I don’t understand) if there is an option to change the location where bro writes all the log files.

The default is /usr/local/bro/logs and I would like them to be written to a partition I created called /data

/usr/local/bro/logs/current can stay where it is, but I’d like everything else to be moved.

Thanks

Craig

seth · September 1, 2017, 2:00pm

In broctl.cfg...

logdir = /usr/local/bro/logs

.Seth

Maerz_Stefan_A · September 1, 2017, 2:05pm

Broctl.conf file has a logging location. Scroll down to find it. Default place for it is /usr/local/bro/etc/broctl.conf

You can specify where both the current and rotated data is stored separately. This is what I have, the defaults are commented out:

Location of the log directory where log files will be archived each rotation

interval.

##LogDir = /usr/local/bro/logs
LogDir = /data/log

Location of the spool directory where files and data that are currently being

written are stored.

##SpoolDir = /usr/local/bro/spool
SpoolDir = /data/spool

Best Regards,
-Stefan

craig_bowser · September 1, 2017, 3:13pm

Thanks!

Topic		Replies	Views
Changing location of log files Zeek	1	74	May 6, 2022
Changing location of log files Zeek	1	84	May 6, 2022
Bro Log Filename Question Zeek	3	76	May 6, 2022
Log location Zeek	1	100	May 6, 2022
How to set the common log file directory for Bro 2.0? Zeek	1	75	May 6, 2022

Change location of log files?

Location of the log directory where log files will be archived each rotation

interval.

Location of the spool directory where files and data that are currently being

written are stored.

Related topics