log rotation

Ul_Asad_Hafiz · March 26, 2017, 6:18pm

Hi,

I am analysing a large number of “pcap” files using,

bro –r *.pcap my_bro.script

The problem is that for each new pcap file, bro over-writes the previous *.log files if I don’t change my working directory. Is there a way of controlling the rotation of log files? I know that “broctl” has this time base rotation, but is there any sort of rotation control when bro is run from command line? I can change the working directory, but I want to have all my results in a single a log file (files) so that it is easy to query them.

Regards

Asad

johanna · April 5, 2017, 4:37pm

Hi Asad,

Bro currently does not support appending data to the same log file over
several runs.

The typical way to solve this is to have a script which generates a new
directory for each run, automatically changes the working dorectory to it,
and runs Bro from there. Afterwards you can concatenate the output files.

I hope this helps,
Johanna

Topic		Replies	Views
Log file issues Zeek	2	100	May 6, 2022
Overwriting logs Zeek	3	70	May 6, 2022
BRO: the log files aren't the same every time Zeek	2	77	May 6, 2022
About the question that Bro will lost the logs every time When execute ”bro -r xxx.pcap" Zeek	2	83	May 6, 2022
recipe for log rotating? Zeek	5	100	May 6, 2022

log rotation

Related topics