I know I've brought this up before, but I was going to put this in on the github but that feature isn't enabled.
I know a lot of people just use broctl and be done with it, but I just use it via the command line most of the time. It would REALLY be nice to have a command-line switch to not overwrite log files and just append to existing files. Thank you.
James
Yeah, this has been a bit of an unfortunate change. When we switched to the current logging format in 2.0, we changed the logging so you couldn't do append because the ascii writer in the default "bro log format" wants to put the header and footer in place. If the format of the logs changes between restarts the content wouldn't even be consistent (i.e., column offsets could change or be renamed).
This request may be an early sign that we need to consider a bit of an overhaul to the default writers in 2.6. The ascii writer is sort of overloaded by doing the "bro log format" and JSON logging; the JSON logging doesn't provide any indication of the structure of the logs being provided; and you can't append with the ascii writer as you've indicated (although, if we had a dedicated json logger then it might make more sense to have an append mode). Definitely some issues to think about.
.Seth
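As an added illustration of the header/footer point above (this is not code from the thread or from the Bro project): if a "bro log format" file were appended to across restarts, a reader would see several header blocks in one file, possibly with a different `#fields` line in each. The parser below treats every `#separator` line as the start of a new block and re-reads `#fields`, `#unset_field` and `#empty_field` per block, so records are keyed by column name rather than column offset. The sample log, field names and values are constructed for the example.

```python
from typing import Dict, List, Optional

# Constructed sample: two header blocks appended to one file. The second
# block reorders the columns and adds one, which is exactly the case where
# positional parsing of an appended file would go wrong.
SAMPLE_LOG = (
    "#separator \\x09\n"
    "#set_separator\t,\n"
    "#empty_field\t(empty)\n"
    "#unset_field\t-\n"
    "#path\tconn\n"
    "#open\t2017-01-01-00-00-00\n"
    "#fields\tts\tuid\tid.orig_h\tid.resp_p\n"
    "#types\ttime\tstring\taddr\tport\n"
    "1483228800.000000\tCabc1\t10.0.0.1\t80\n"
    "1483228801.000000\tCabc2\t10.0.0.2\t443\n"
    "#close\t2017-01-01-00-05-00\n"
    "#separator \\x09\n"
    "#set_separator\t,\n"
    "#empty_field\t(empty)\n"
    "#unset_field\t-\n"
    "#path\tconn\n"
    "#open\t2017-01-01-00-10-00\n"
    "#fields\tts\tuid\tid.resp_p\tid.orig_h\tproto\n"
    "#types\ttime\tstring\tport\taddr\tenum\n"
    "1483229000.000000\tCdef1\t22\t10.0.0.3\ttcp\n"
    "1483229001.000000\tCdef2\t53\t-\tudp\n"
    "#close\t2017-01-01-00-15-00\n"
)


def parse_bro_ascii(text: str) -> List[Dict[str, Optional[str]]]:
    """Parse a (possibly appended) Bro ASCII log into name-keyed records.

    Each '#separator' line starts a new header block; the field list and the
    unset/empty markers are reset so a later block with different columns is
    parsed by its own header, not by the first block's offsets.
    """
    sep = "\t"
    unset = "-"
    empty = "(empty)"
    fields: Optional[List[str]] = None
    block = 0
    records: List[Dict[str, Optional[str]]] = []

    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw:
            continue
        if raw.startswith("#"):
            if raw.startswith("#separator "):
                # The separator line is written with a space because the
                # separator itself is not known yet; the value is escaped.
                sep = raw[len("#separator "):].encode().decode("unicode_escape")
                fields = None
                block += 1
                continue
            key, _, rest = raw[1:].partition(sep)
            if key == "fields":
                fields = rest.split(sep)
            elif key == "unset_field":
                unset = rest
            elif key == "empty_field":
                empty = rest
            elif key == "close":
                # Footer: any further data must be preceded by a new header.
                fields = None
            continue

        if fields is None:
            raise ValueError(f"line {lineno}: data row with no active #fields header")
        values = raw.split(sep)
        if len(values) != len(fields):
            raise ValueError(
                f"line {lineno}: {len(values)} values for {len(fields)} fields"
            )
        rec: Dict[str, Optional[str]] = {"_block": str(block)}
        for name, val in zip(fields, values):
            rec[name] = None if val == unset else ("" if val == empty else val)
        records.append(rec)
    return records


if __name__ == "__main__":
    for r in parse_bro_ascii(SAMPLE_LOG):
        print(r)
```

The `_block` key records which header block a row came from, which is handy when checking that a file that was appended to really did get a fresh header after every restart; rows that appear after a `#close` without a new header are rejected rather than silently parsed with stale column names.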
Thanks Seth. Truth be told it wouldn’t bother me one bit if the headers were written again…they’re all prefaced with “#” anyways. Just to have it not create a new file and append to the current one if it exists is all I’d really like to see at some point. And personally I love the ascii…makes it so easy to quickly search. Anyway, thanks for looking at this.
James
Yeah, I had that same thought. Would you mind filing a ticket in the tracker about log append in the ascii writer? Seems reasonable to me.
.Seth