Log Rotate

Hello guys,

I'm new to this mailing list and I don't know if my question was asked before. But here it goes:

I have configured the rotate-logs.bro policy to rotate logs every one hour. It's working for every log except the dns.bro logs. What can be the cause of that?

Tks,

Diogo Corteletti de Oliveira

A bug. Can you try the attached patch to see if that helps? Thanks!

Robin


Robin,

I've applied the patch, re-compiled and re-installed bro but it didn't work. Look below: every log rotated except the dns.log:

-rw-r--r-- 1 bro wheel 0B Jan 9 09:56 alarm.bro.07-01-09_09.56.48
-rw-r--r-- 1 bro wheel 7.0K Jan 9 10:31 alarm.bro.07-01-09_09.58.34
-rw-r--r-- 1 bro wheel 90K Jan 9 09:57 conn.bro.07-01-09_09.56.48
-rw-r--r-- 1 bro wheel 7.2M Jan 9 10:38 conn.bro.07-01-09_09.58.34
-rw-r--r-- 1 bro wheel 6.9M Jan 9 10:38 dns.bro.07-01-09_09.58.34
-rw-r--r-- 1 bro wheel 5.0K Jan 9 09:57 ftp.bro.07-01-09_09.56.48
-rw-r--r-- 1 bro wheel 92K Jan 9 10:38 ftp.bro.07-01-09_09.58.34
-rw-r--r-- 1 bro wheel 57K Jan 9 09:57 http.bro.07-01-09_09.56.48
-rw-r--r-- 1 bro wheel 5.4M Jan 9 10:38 http.bro.07-01-09_09.58.34
-rw-r--r-- 1 bro wheel 548B Jan 9 09:57 info.bro.07-01-09_09.56.48
-rw-r--r-- 1 bro wheel 485B Jan 9 09:58 info.bro.07-01-09_09.58.34
-rw-r--r-- 1 bro wheel 0B Jan 9 09:56 irc.bro.07-01-09_09.56.48
-rw-r--r-- 1 bro wheel 0B Jan 9 09:58 irc.bro.07-01-09_09.58.34
-rw-r--r-- 1 bro wheel 790B Jan 9 09:57 notice.bro.07-01-09_09.56.48
-rw-r--r-- 1 bro wheel 52K Jan 9 10:38 notice.bro.07-01-09_09.58.34
-rw-r--r-- 1 bro wheel 0B Jan 9 09:56 software.bro.07-01-09_09.56.48
-rw-r--r-- 1 bro wheel 0B Jan 9 09:58 software.bro.07-01-09_09.58.34
-rw-r--r-- 1 bro wheel 0B Jan 9 09:57 step.bro.07-01-09_09.56.48
-rw-r--r-- 1 bro wheel 0B Jan 9 09:56 step.bro.07-01-09_09.56.48-07-01-09_09.56.48
-rw-r--r-- 1 bro wheel 0B Jan 9 09:58 step.bro.07-01-09_09.58.34
-rw-r--r-- 1 bro wheel 4.6K Jan 9 09:57 weird.bro.07-01-09_09.56.48
-rw-r--r-- 1 bro wheel 252K Jan 9 10:38 weird.bro.07-01-09_09.58.34

Tks

Diogo Corteletti

Robin Sommer wrote:

Hmm ... It did for me but I was using a development version of the
code. I'll look into it.

Thanks for trying it,

Robin

P.S.: The patch did apply cleanly, didn't it?

Not at first!! I had to change the path for the two files to /usr/src/bro-1.1d/src/ and had to run patch with -l. =)

Tks

Diogo Corteletti

Robin Sommer wrote:

To follow up on this, it seems that the patch does actually solve
the problem so we will put it into the next Bro release.

The other file name problem Diogo mentioned was unrelated: the
bro.rc script defines a suffix, containing a timestamp, which is
appended to all names of log files. On rotation, the files are then
renamed as defined in rotate-logs.bro.

Robin