Hello,
Where can I adjust the frequency of the Connection Summary/Alarm Summary emails that Bro sends via email? They come in every hour by default.
Thank you,
Konrad
I think this coincides with when broctl archives. I set mine within broctl.cfg to once a day with:
# Rotation interval in seconds for log files on manager/standalone node.
LogRotationInterval = 86400
Hope that helps.
James
The LogRotationInterval and MailAlarmsInterval options are
documented here:
http://bro.org/sphinx/components/broctl/README.html#user-options
The connection summary email interval is the same as the log rotation
interval. If you don't want to receive connection summary emails,
then you can set MailConnectionSummary=0.
Thank you Daniel.
Do you know if there a way to keep the log rotation default (1hr) but modify the connection summary emails to be sent out every 24 hours for example?
No, sorry, the summaries are implemented as a log post-processor that
crunches conn.log as it gets rotated. That's why their intervals are
tied together.
Robin
Thank you
Konrad
If you set MailConnectionSummary=0 in broctl.cfg, then
you won't receive any connection summary emails, but the
connection summary reports will still be created (they are
archived along with the other bro log files), so you can
look at them when it is convenient for you.