log-append.bro

Po-Ching_Lin · September 23, 2013, 1:51pm

Hi,

I would like to append the logs in the current run to existing logs. There was
log-append.bro which can change the default setting in earlier Bro. How could
it be done in Bro 2.1? open_log_file is defined in init-bare.bro, which seems not
loaded in init-default.bro, so changing open to open_for_append in its definition
does not work. I run bro directly from the command line as "bro -r xxx.pcap".
Any suggestion is appreciated.

Po-Ching

robin · September 24, 2013, 9:01pm

Bro 2.x doesn't support that anymore as the logs no longer use the
open*() functions but go through the internal logging system. You
could work around it by definining a post-processor which takes the
log file and copies/appends it to somewhere else.

Robin

Topic		Replies	Views
Log file issues Zeek	2	100	May 6, 2022
Append instead of overwrite Zeek	15	135	May 6, 2022
Overwriting logs Zeek	3	71	May 6, 2022
About the question that Bro will lost the logs every time When execute ”bro -r xxx.pcap" Zeek	2	83	May 6, 2022
Feature Request: Append Zeek	5	192	May 6, 2022

log-append.bro

Related topics