base/frameworks/logging/postprocessors/scp.bro

Log

This script defines a postprocessing function that can be applied to a logging filter in order to automatically SCP (secure copy) a log stream (or a subset of it) to a remote host at configurable rotation time intervals. Generally, to use this functionality you must handle the bro_init event and do the following in your handler:

  1. Create a new Log::Filter record that defines a name/path, rotation interval, and set the postprocessor to Log::scp_postprocessor.
  2. Add the filter to a logging stream using Log::add_filter.
  3. Add a table entry to Log::scp_destinations for the filter’s writer/path pair which defines a set of Log::SCPDestination records.
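
The three steps above as a single bro_init handler, added here as an example (it is not code from the Bro project). The filter name and path conn-scp, the hourly interval, and the destination user, host and directory are constructed placeholders; $writer and $interv are Log::Filter fields that this page does not list.

```bro
# Added example with constructed names and values; not the project's own code.
@load base/protocols/conn
@load base/frameworks/logging/postprocessors/scp

# Default priority, so this runs after the Conn::LOG stream has been created.
event bro_init()
	{
	# Step 1: a filter with its own path, so the default conn log is left
	# alone. The writer is set explicitly because it is half of the key
	# used to look up destinations in step 3.
	local f: Log::Filter = [$name="conn-scp",
	                        $path="conn-scp",
	                        $writer=Log::WRITER_ASCII,
	                        $interv=1hr,
	                        $postprocessor=Log::scp_postprocessor];

	# Step 2: attach the filter to the connection log stream.
	Log::add_filter(Conn::LOG, f);

	# Step 3: register the remote destination for this writer/path pair.
	# user, host and path are placeholders. The copy runs unattended, so
	# the trust mechanism the page asks for (for example an SSH key for
	# this account) has to be in place beforehand.
	local dest: Log::SCPDestination = [$user="logship",
	                                   $host="collector.example.net",
	                                   $path="/var/log/bro-archive"];
	Log::scp_destinations[Log::WRITER_ASCII, "conn-scp"] = set(dest);
	}
```

The index into Log::scp_destinations must match the filter's writer and path exactly; with no matching entry, the postprocessor returns true without copying anything.
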

Namespace: Log
Source File: /scripts/base/frameworks/logging/postprocessors/scp.bro

Summary

Redefinable Options

Log::scp_rotation_date_format: string &redef
    Default naming format for timestamps embedded into log filenames that use the SCP rotator.

State Variables

Log::scp_destinations: table
    A table indexed by a particular log writer and filter path, that yields a set of remote destinations.

Types

Log::SCPDestination: record
    A container that describes the remote destination for the SCP command argument as user@host:path.

Functions

Log::scp_postprocessor: function
    Secure-copies the rotated log to all the remote hosts defined in Log::scp_destinations and then deletes the local copy of the rotated log.

Detailed Interface

Redefinable Options

Log::scp_rotation_date_format
Type: string
Attributes: &redef
Default: "%Y-%m-%d-%H-%M-%S"

Default naming format for timestamps embedded into log filenames that use the SCP rotator.

State Variables

Log::scp_destinations
Type: table [Log::Writer, string] of set [Log::SCPDestination]
Default: {}

A table indexed by a particular log writer and filter path, that yields a set of remote destinations. The Log::scp_postprocessor function queries this table upon log rotation and performs a secure copy of the rotated log to each destination in the set. This table can be modified at run-time.

Types

Log::SCPDestination
Type: record

    user: string
        The remote user to log in as. A trust mechanism should be pre-established.

    host: string
        The remote host to which to transfer logs.

    path: string
        The path/directory on the remote host to send logs.

A container that describes the remote destination for the SCP command argument as user@host:path.

Functions

Log::scp_postprocessor
Type: function (info: Log::RotationInfo) : bool

Secure-copies the rotated log to all the remote hosts defined in Log::scp_destinations and then deletes the local copy of the rotated log. It’s not active when reading from trace files.

Info: A record holding meta-information about the log file to be postprocessed.
Returns: True if the secure-copy system command was initiated or if no destination was configured for the log as described by info.
Copyright 2016, The Bro Project. Last updated on January 10, 2019. Created using Sphinx 1.7.5.