Change location of log files?

craig_bowser · September 1, 2017, 1:34pm

I’ve been looking thru the docs, but I don’t see ( and perhaps I don’t understand) if there is an option to change the location where bro writes all the log files.

The default is /usr/local/bro/logs and I would like them to be written to a partition I created called /data

/usr/local/bro/logs/current can stay where it is, but I’d like everything else to be moved.

Thanks

Craig

Seth_Hall2 · September 1, 2017, 2:00pm

In broctl.cfg...

logdir = /usr/local/bro/logs

.Seth

Maerz_Stefan_A · September 1, 2017, 2:05pm

Broctl.conf file has a logging location. Scroll down to find it. Default place for it is /usr/local/bro/etc/broctl.conf

You can specify where both the current and rotated data is stored separately. This is what I have, the defaults are commented out:

Location of the log directory where log files will be archived each rotation

interval.

##LogDir = /usr/local/bro/logs
LogDir = /data/log

Location of the spool directory where files and data that are currently being

written are stored.

##SpoolDir = /usr/local/bro/spool
SpoolDir = /data/spool

Best Regards,
-Stefan

craig_bowser · September 1, 2017, 3:13pm

Thanks!

system · May 6, 2022, 3:45pm