mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
29 lines
1,000 B
Text
29 lines
1,000 B
Text
##! This is the core Bro script to support the notion of a cluster logger.
|
|
##!
|
|
##! The logger is passive (other Bro instances connect to us), and once
|
|
##! connected the logger receives logs from other Bro instances.
|
|
##! This script will be automatically loaded if necessary based on the
|
|
##! type of node being started.
|
|
|
|
##! This is where the cluster logger sets it's specific settings for other
|
|
##! frameworks and in the core.
|
|
|
|
@prefixes += cluster-logger
|
|
|
|
## Turn on local logging.
|
|
redef Log::enable_local_logging = T;
|
|
|
|
## Turn off remote logging since this is the logger and should only log here.
|
|
redef Log::enable_remote_logging = F;
|
|
|
|
## Log rotation interval.
|
|
redef Log::default_rotation_interval = 1 hrs;
|
|
|
|
## Alarm summary mail interval.
|
|
redef Log::default_mail_alarms_interval = 24 hrs;
|
|
|
|
## Use the cluster's archive logging script.
|
|
redef Log::default_rotation_postprocessor_cmd = "archive-log";
|
|
|
|
## We're processing essentially *only* remote events.
|
|
redef max_remote_events_processed = 10000;
|