base/frameworks/logging/postprocessors/sftp.bro

Log

This script defines a postprocessing function that can be applied to a logging filter in order to automatically SFTP a log stream (or a subset of it) to a remote host at configurable rotation time intervals. Generally, to use this functionality you must handle the bro_init event and do the following in your handler:

Create a new Log::Filter record that defines a name/path, rotation interval, and set the postprocessor to Log::sftp_postprocessor.
Add the filter to a logging stream using Log::add_filter.
Add a table entry to Log::sftp_destinations for the filter’s writer/path pair which defines a set of Log::SFTPDestination records.

Namespace:	Log
Source File:	`/scripts/base/frameworks/logging/postprocessors/sftp.bro`

Summary

Options

Log::sftp_rotation_date_format: string &redef Default naming format for timestamps embedded into log filenames that use the SFTP rotator.

State Variables

Log::sftp_destinations: table A table indexed by a particular log writer and filter path, that yields a set of remote destinations.

Types

Log::SFTPDestination: record A container that describes the remote destination for the SFTP command, comprised of the username, host, and path at which to upload the file.

Functions

Log::sftp_postprocessor: function Securely transfers the rotated log to all the remote hosts defined in Log::sftp_destinations and then deletes the local copy of the rotated log.

Detailed Interface

Options

Log::sftp_rotation_date_format

Type:	`string`
Attributes:	`&redef`
Default:	`"%Y-%m-%d-%H-%M-%S"`

Default naming format for timestamps embedded into log filenames that use the SFTP rotator.

State Variables

Log::sftp_destinations

Type:	`table` [`Log::Writer`, `string`] of `set` [`Log::SFTPDestination`]
Default:	`{}`

A table indexed by a particular log writer and filter path, that yields a set of remote destinations. The Log::sftp_postprocessor function queries this table upon log rotation and performs a secure transfer of the rotated log to each destination in the set. This table can be modified at run-time.

Types

Log::SFTPDestination

Type:

Type:	`record` user: `string` The remote user to log in as. A trust mechanism should be pre-established. host: `string` The remote host to which to transfer logs. host_port: `count` `&default` = `22` `&optional` The port to connect to. Defaults to 22 path: `string` The path/directory on the remote host to send logs.

record

user: string: The remote user to log in as. A trust mechanism should be pre-established.
host: string: The remote host to which to transfer logs.
host_port: count &default = 22 &optional: The port to connect to. Defaults to 22
path: string: The path/directory on the remote host to send logs.

A container that describes the remote destination for the SFTP command, comprised of the username, host, and path at which to upload the file.

Functions

Log::sftp_postprocessor

Type:	`function` (info: `Log::RotationInfo`) : `bool`

Securely transfers the rotated log to all the remote hosts defined in Log::sftp_destinations and then deletes the local copy of the rotated log. It’s not active when reading from trace files.

Info:	A record holding meta-information about the log file to be postprocessed.
Returns:	True if sftp system command was initiated or if no destination was configured for the log as described by info.

base/frameworks/logging/postprocessors/sftp.bro

Summary

Options

State Variables

Types

Functions

Detailed Interface

Options

State Variables

Types

Functions

Table of Contents

Next Page

Previous Page

base/frameworks/logging/postprocessors/sftp.bro

Summary

Options

State Variables

Types

Functions

Detailed Interface

Options

State Variables

Types

Functions

Table of Contents

Next Page

Previous Page

Search