scp.bro¶

Log¶

This script defines a postprocessing function that can be applied to a logging filter in order to automatically SCP (secure copy) a log stream (or a subset of it) to a remote host at configurable rotation time intervals. Generally, to use this functionality you must handle the bro_init event and do the following in your handler:

Create a new Log::Filter record that defines a name/path, rotation interval, and set the postprocessor to Log::scp_postprocessor.
Add the filter to a logging stream using Log::add_filter.
Add a table entry to Log::scp_destinations for the filter’s writer/path pair which defines a set of Log::SCPDestination records.

Namespace:	Log
Source File:	`/scripts/base/frameworks/logging/postprocessors/scp.bro`

Summary¶

Redefinable Options¶

Log::scp_rotation_date_format: string &redef Default naming format for timestamps embedded into log filenames that use the SCP rotator.

State Variables¶

Log::scp_destinations: table A table indexed by a particular log writer and filter path, that yields a set of remote destinations.

Types¶

Log::SCPDestination: record A container that describes the remote destination for the SCP command argument as user@host:path.

Functions¶

Log::scp_postprocessor: function Secure-copies the rotated log to all the remote hosts defined in Log::scp_destinations and then deletes the local copy of the rotated log.

Detailed Interface¶

Redefinable Options¶

Log::scp_rotation_date_format¶

Type:	`string`
Attributes:	`&redef`
Default:	`"%Y-%m-%d-%H-%M-%S"`

Default naming format for timestamps embedded into log filenames that use the SCP rotator.

State Variables¶

Log::scp_destinations¶

Type:	`table` [`Log::Writer`, `string`] of `set` [`Log::SCPDestination`]
Default:	`{}`

A table indexed by a particular log writer and filter path, that yields a set of remote destinations. The Log::scp_postprocessor function queries this table upon log rotation and performs a secure copy of the rotated log to each destination in the set. This table can be modified at run-time.

Types¶

Log::SCPDestination¶

Type:

Type:	`record` user: `string` The remote user to log in as. A trust mechanism should be pre-established. host: `string` The remote host to which to transfer logs. path: `string` The path/directory on the remote host to send logs.

record

user: string: The remote user to log in as. A trust mechanism should be pre-established.
host: string: The remote host to which to transfer logs.
path: string: The path/directory on the remote host to send logs.

A container that describes the remote destination for the SCP command argument as user@host:path.

Functions¶

Log::scp_postprocessor¶

Type:	`function` (info: `Log::RotationInfo`) : `bool`

Secure-copies the rotated log to all the remote hosts defined in Log::scp_destinations and then deletes the local copy of the rotated log. It’s not active when reading from trace files.

Info:	A record holding meta-information about the log file to be postprocessed.
Returns:	True if secure-copy system command was initiated or if no destination was configured for the log as described by info.

base/frameworks/logging/postprocessors/scp.bro¶

Summary¶

Redefinable Options¶

State Variables¶

Types¶

Functions¶

Detailed Interface¶

Redefinable Options¶

State Variables¶

Types¶

Functions¶

Table of Contents

Next Page

Previous Page

base/frameworks/logging/postprocessors/scp.bro¶

Summary¶

Redefinable Options¶

State Variables¶

Types¶

Functions¶

Detailed Interface¶

Redefinable Options¶

State Variables¶

Types¶

Functions¶

Table of Contents

Next Page

Previous Page

Search