Hi,
I’ve a bro 2.6.1 instance runnign on CentOS 7. I encountered the following error while trying to consume the rotated logs from last couple weeks. I’ve json logging applied and all the current hour logs in the “logs/current” are in json format.
I tried uncompressing few some logs files from last week and observed that only few files at random are in json and reset are in standard format. There is no order in how the json logs appear.
Second, I’m unable to uncompress some logs and get the error " invalid compressed data–format violated". This error is also random and doesn’t hint at a limited time overall system glitch.
Has anyone encountered such an issue?