Package: base/frameworks/logging

The logging framework provides a flexible key-value based logging interface.

base/frameworks/logging/__load__.bro

base/frameworks/logging/main.bro

The Bro logging interface.

See Logging Framework for an introduction to Bro’s logging framework.

base/frameworks/logging/postprocessors/__load__.bro

base/frameworks/logging/postprocessors/scp.bro

This script defines a postprocessing function that can be applied to a logging filter in order to automatically SCP (secure copy) a log stream (or a subset of it) to a remote host at configurable rotation time intervals. Generally, to use this functionality you must handle the bro_init event and do the following in your handler:

  1. Create a new Log::Filter record that defines a name/path, rotation interval, and set the postprocessor to Log::scp_postprocessor.
  2. Add the filter to a logging stream using Log::add_filter.
  3. Add a table entry to Log::scp_destinations for the filter’s writer/path pair which defines a set of Log::SCPDestination records.

base/frameworks/logging/postprocessors/sftp.bro

This script defines a postprocessing function that can be applied to a logging filter in order to automatically SFTP a log stream (or a subset of it) to a remote host at configurable rotation time intervals. Generally, to use this functionality you must handle the bro_init event and do the following in your handler:

  1. Create a new Log::Filter record that defines a name/path, rotation interval, and set the postprocessor to Log::sftp_postprocessor.
  2. Add the filter to a logging stream using Log::add_filter.
  3. Add a table entry to Log::sftp_destinations for the filter’s writer/path pair which defines a set of Log::SFTPDestination records.

base/frameworks/logging/writers/ascii.bro

Interface for the ASCII log writer. Redefinable options are available to tweak the output format of ASCII logs.

The ASCII writer currently supports one writer-specific per-filter config option: setting tsv to the string T turns the output into “tab-separated-value” mode where only a single header row with the column names is printed out as meta information, with no “# fields” prepended; no other meta data gets included in that mode. Example filter using this:

local f: Log::Filter = [$name = "my-filter",
                        $writer = Log::WRITER_ASCII,
                        $config = table(["tsv"] = "T")];

base/frameworks/logging/writers/sqlite.bro

Interface for the SQLite log writer. Redefinable options are available to tweak the output format of the SQLite reader.

See Logging To and Reading From SQLite Databases for an introduction on how to use the SQLite log writer.

The SQL writer currently supports one writer-specific filter option via config: setting tablename sets the name of the table that is used or created in the SQLite database. An example for this is given in the introduction mentioned above.

base/frameworks/logging/writers/none.bro

Interface for the None log writer. This writer is mainly for debugging.

Table of Contents

    Copyright 2016, The Bro Project. Last updated on December 07, 2018. Created using Sphinx 1.8.2.