When running the rotate-logs script I want the logs to be moved into a separate directory that the newly created logs. For example when the logs rotate on the hour I want conn.old to be moved to /usr/local/old and conn.new to stay in /usr/local/bro/logs. Does anyone know how to do this?
Thanks
You can define a postprocessor to be run after rotation which can
move the files somewhere else. There's actually a script in the
distribution to do just that, see aux/scripts/mvfile (the beginning
of the script explains how to set this up).
Robin
Thank you, that is how I was able to accomplish the task.