From 47b799157ca661908623dfac377059a936819467 Mon Sep 17 00:00:00 2001 From: ethack Date: Wed, 26 May 2021 19:22:33 -0500 Subject: [PATCH] Transfer capture_loss, notice, and stats logs These logs are extremely useful for troubleshooting capture issues. --- zeek_log_transport.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/zeek_log_transport.sh b/zeek_log_transport.sh index 4769220..f0b2766 100755 --- a/zeek_log_transport.sh +++ b/zeek_log_transport.sh @@ -238,7 +238,7 @@ status "Preparing remote directories" ssh $extra_ssh_params "$aih_location" "mkdir -p ${remote_top_dir}/$today/ ${remote_top_dir}/$yesterday/ ${remote_top_dir}/$twoda/ ${remote_top_dir}/$threeda/ ${remote_top_dir}/current/" cd "$local_tld" || fail "Unable to change to $local_tld" -send_candidates=`find . -type f -mtime -3 -iname '*.gz' | egrep '(conn|dns|http|ssl|x509|known_certs)' | sort -u` +send_candidates=`find . -type f -mtime -3 -iname '*.gz' | egrep '(conn|dns|http|ssl|x509|known_certs|capture_loss|notice|stats)' | sort -u` if [ ${#send_candidates} -eq 0 ]; then echo printf "WARNING: No logs found, if your log directory is not $local_tld please use the flag: --localdir [bro_zeek_log_directory]"
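Review bot: The `egrep` alternation on the new `send_candidates` line is an unanchored substring match against the whole path printed by `find .`, so the added `notice` and `stats` tokens also select any `.gz` whose file name or parent directory merely contains those strings (a `notice_alarm` log, for instance). Anchoring to the start of the file name keeps the set of logs leaving the sensor to the named types: `grep -E '/(conn|dns|http|ssl|x509|known_certs|capture_loss|notice|stats)\.[^/]*$'`. That form would also stop prefix matches such as `conn-summary`, so list those explicitly if they are wanted. `grep -E` is used there because current GNU grep flags `egrep` as obsolescent. How `send_candidates` is consumed lies outside the hunk, so the effect on what is actually transferred is inferred from the variable name and the warning text.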