I have a connection that I am monitoring with a low amount of activity so the conn log rarely fills up enough to be flushed to disk. I would like to force a flush on it every so often. Is there a way to do this through a bro config file.
Bill Jones
Yes, there are two options:
- file-flush.bro flushes all logs regurlarly (default: every 10s).
- the built-in function set_buf() disables buffering for a
particular log file; see the bro_init() handler in remote.bro for an
example. If there's not much traffic on the line, disabling the
buffering for conn.log shouldn't be a problem.
Roin
I used file-flush.bro to flush the logs. Thanks!
I noticed that when I a restart bro using the cluster command that the current manager logs are not saved. What end up in the logs directive is data for only a few minutes as if bro reopened the logs before terminating.
Could some verify that bro work properly under bsd.
I am running bro under linux and suspect that this is only a problem under linux and not bsd.
Bill Jones