This is probably trivial, but I’m having a bit of trouble…
On a default 1.5.1 install, I’m getting summary and alert emails every 12 hours (at noon and midnight).
In the documentation, it looks like this should only be happening once a day by default, and that it’s tied to log rotation duties.
Where/how can I modify this frequency?
A larger question, what happened to all of the options from 1.4 that could be set in bro.cfg?
Are they all the same, and can I just add the variable/value pairs I need to override into broctl.cfg?
On a default 1.5.1 install, I'm getting summary and alert emails every 12
These are indeed send out twice day per default. The intervals are
set in {standalone,cluster-manager}.rotate-logs.bro and
{standalone,cluster-manager}.mail-alarms.bro. Don't change them
there directly but use similar redef's as these scripts do.
A larger question, what happened to all of the options from 1.4 that could
be set in bro.cfg?
They are gone (sorry). The old bro.cfg and new broctl.cfg are
completely separate frameworks, broctl has been written from
scratch. broctl's README.html has a complete list of option that
broctl.cfg supports. If you find anything missing, please file a
feature request with tracker.icir.org.