Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-17 05:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Add logging framework metadata mechanism.

Browse source 
Example script coming soon.
This commit is contained in:
Seth Hall 2016-05-24 09:28:07 -04:00
parent b28801ce95
commit 3e3f6f13cc
3 changed files with 118 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

38
scripts/base/frameworks/logging/main.bro
View file

@ -94,6 +94,17 @@ export {
## option.
const default_rotation_interval = 0secs &redef;
## Default naming format for timestamps embedded into filenames.
## Uses a ``strftime()`` style.
const default_rotation_date_format = "%Y-%m-%d-%H-%M-%S" &redef;
## Default shell command to run on rotated files. Empty for none.
const default_rotation_postprocessor_cmd = "" &redef;
## Specifies the default postprocessor function per writer type.
## Entries in this table are initialized by each writer type.
const default_rotation_postprocessors: table[Writer] of function(info: RotationInfo) : bool &redef;
## Default alarm summary mail interval. Zero disables alarm summary
## mails.
##
@ -110,16 +121,15 @@ export {
## nested records.
const default_unrolling_sep = "." &redef;
## Default naming format for timestamps embedded into filenames.
## Uses a ``strftime()`` style.
const default_rotation_date_format = "%Y-%m-%d-%H-%M-%S" &redef;
## A prefix for metadata fields which can be optionally prefixed
## on all log lines by setting the `metadata_func` field in the
## log filter.
const Log::default_metadata_prefix: string = "_" &redef;
## Default shell command to run on rotated files. Empty for none.
const default_rotation_postprocessor_cmd = "" &redef;
## Specifies the default postprocessor function per writer type.
## Entries in this table are initialized by each writer type.
const default_rotation_postprocessors: table[Writer] of function(info: RotationInfo) : bool &redef;
## Default metadata function in the case that you would like to
## apply the same metadata to all logs. The function *must* return
## a record with all of the fields to be included in the metadata.
const Log::default_metadata_func: function(path: string): any &redef;
## A filter type describes how to customize logging streams.
type Filter: record {
@ -206,6 +216,16 @@ export {
## Rotation interval. Zero disables rotation.
interv: interval &default=default_rotation_interval;
## Default prefix for all metadata fields. It's typically
## prudent to set this to something that Bro's logging
## framework can't normally write out in a field name.
metadata_prefix: string &default="_";
## Function to collect a metadata value. If not specified, no
## metadata will be provided for the log.
## The return value from the function *must* be a record.
metadata_func: function(path: string): any &optional;
## Callback function to trigger for rotated files. If not set, the
## default comes out of :bro:id:`Log::default_rotation_postprocessors`.
postprocessor: function(info: RotationInfo) : bool &optional;