Zeek v6.0.1
Does Zeek have a config setting or does it automatically clean up the post-terminate logs created every time Zeek stops?
Zeek v6.0.1
Does Zeek have a config setting or does it automatically clean up the post-terminate logs created every time Zeek stops?
Hi there,
Zeek’s ASCII log writer has a built-in mechanism (dubbed “shadow files”) to clean up leftover logs that it encounters on a subsequent run. There are also nuances to the log processing itself — if you’re using ZeekControl for your cluster, you’re likely post-processing your logs via archive-log. You could try the newer zeek-archiver instead, since it avoids some potential corner cases.
Best,
Christian