Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 01:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Adapted for API similarity with Robin's logging framework code.

Browse source
This commit is contained in:
Seth Hall 2011-03-01 17:17:48 -05:00
parent ffa494e428
commit fe85a3e4d2
3 changed files with 21 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

7
policy/logging.bro
View file

@ -1,4 +1,4 @@
module Logging; module Log;
export { export {
# The set of writers Bro provides. # The set of writers Bro provides.
@ -67,7 +67,7 @@ export {
# Logs the record "rec" to the stream "id". The type of # Logs the record "rec" to the stream "id". The type of
# "rec" must match the stream's "columns" field. # "rec" must match the stream's "columns" field.
global log: function(id: string, rec: any); global write: function(id: string, rec: any);
#global log_ev: event(id: string, rec: any); #global log_ev: event(id: string, rec: any);
# Returns an existing filter previously installed for stream # Returns an existing filter previously installed for stream
@ -75,6 +75,7 @@ export {
# the record "NoSuchFilter" is returned. # the record "NoSuchFilter" is returned.
global get_filter: function(id: string, name: string) : Filter; global get_filter: function(id: string, name: string) : Filter;
global create_stream: function(id: string, log_record_type: string); global create_stream: function(id: string, log_record_type: string);
global add_filter: function(id: string, filter: Filter); global add_filter: function(id: string, filter: Filter);
global remove_filter: function(id: string, filter: string): bool; global remove_filter: function(id: string, filter: string): bool;
@ -164,7 +165,7 @@ event file_opened(f: file) &priority=10
} }
} }
function log(id: string, rec: any) function write(id: string, rec: any)
{ {
logging_log(id, rec); logging_log(id, rec);
} }

24
policy/test-logging.bro
View file

@ -1,10 +1,10 @@
module SSH; module TEST_LOGGING;
@load logging @load logging
export { export {
# Create a new ID for our log stream # Create a new ID for our log stream
#redef enum Logging::ID += { LOG_SSH }; redef enum Log::ID += { TEST_LOGGING };
# Define a record with all the columns the log file can have. # Define a record with all the columns the log file can have.
# (I'm using a subset of fields from ssh-ext for demonstration.) # (I'm using a subset of fields from ssh-ext for demonstration.)
@ -17,7 +17,7 @@ export {
# This is the prototype for the event that the logging framework tries # This is the prototype for the event that the logging framework tries
# to generate if there is a handler for it. # to generate if there is a handler for it.
#global log: event(rec: Log); global log: event(rec: Log);
} }
event bro_init() event bro_init()
@ -25,12 +25,12 @@ event bro_init()
# Create the stream. # Create the stream.
# First argument is the ID for the stream. # First argument is the ID for the stream.
# Second argument is the log record type. # Second argument is the log record type.
Logging::create_stream("ssh", "SSH::Log"); Log::create_stream("TEST_LOGGING", "TEST_LOGGING::Log");
# Add a default filter that simply logs everything to "ssh.log" using the default writer. # Add a default filter that simply logs everything to "ssh.log" using the default writer.
# Log line event generation is autogenerated for now by checking for # Log line event generation is autogenerated for now by checking for
# handlers for MODULE_NAME::log (which isn't the right thing to do, but it will be dealt with later) # handlers for MODULE_NAME::log (which isn't the right thing to do, but it will be dealt with later)
Logging::add_default_filter("ssh"); Log::add_default_filter("TEST_LOGGING");
# There is currently some problem with &optional values in the records # There is currently some problem with &optional values in the records
# passed into the predicate. Maybe it's because I'm not really coercing # passed into the predicate. Maybe it's because I'm not really coercing
@ -42,18 +42,18 @@ event bro_init()
# Printing headers for the filters doesn't work yet either and needs to # Printing headers for the filters doesn't work yet either and needs to
# be considered in the final design. (based on the "select" set). # be considered in the final design. (based on the "select" set).
#Logging::add_filter("ssh", [$name="successful logins", #Log::add_filter("ssh", [$name="successful logins",
# #$pred(rec: Log) = { print rec$status; return T; }, # #$pred(rec: Log) = { print rec$status; return T; },
# $path="ssh-logins", # $path="ssh-logins",
# #$select=set("t"), # #$select=set("t"),
# $writer=Logging::WRITER_CSV]); # $writer=Log::WRITER_CSV]);
# Log something. # Log something.
Logging::log("ssh", [$t=network_time(),$status="success"]); Log::write("TEST_LOGGING", [$t=network_time(),$status="success"]);
Logging::log("ssh", [$t=network_time(),$status="failure", $country="US"]); Log::write("TEST_LOGGING", [$t=network_time(),$status="failure", $country="US"]);
Logging::log("ssh", [$t=network_time(),$status="failure", $country="UK"]); Log::write("TEST_LOGGING", [$t=network_time(),$status="failure", $country="UK"]);
Logging::log("ssh", [$t=network_time(),$status="success", $country="BR"]); Log::write("TEST_LOGGING", [$t=network_time(),$status="success", $country="BR"]);
Logging::log("ssh", [$t=network_time(),$status="failure", $country="MX"]); Log::write("TEST_LOGGING", [$t=network_time(),$status="failure", $country="MX"]);
} }

10
src/bro.bif
View file

@ -367,7 +367,7 @@ function logging_log%(index: string, rec: any%): any
RecordVal *recval = rec->AsRecordVal(); RecordVal *recval = rec->AsRecordVal();
// Lookup the stream // Lookup the stream
TableVal *streams = opt_internal_table("Logging::streams"); TableVal *streams = opt_internal_table("Log::streams");
VectorVal *columns; VectorVal *columns;
RecordVal *stream_record; RecordVal *stream_record;
if ( streams ) if ( streams )
@ -381,12 +381,12 @@ function logging_log%(index: string, rec: any%): any
} }
else else
{ {
printf("Logging framework is dead (Logging::streams not found).\n"); printf("Logging framework is dead (Log::streams not found).\n");
return false; return false;
} }
// Lookup all filters for stream // Lookup all filters for stream
TableVal *filters = opt_internal_table("Logging::filters"); TableVal *filters = opt_internal_table("Log::filters");
TableVal *stream_filters; TableVal *stream_filters;
if ( filters ) if ( filters )
{ {
@ -396,7 +396,7 @@ function logging_log%(index: string, rec: any%): any
} }
else else
{ {
printf("Logging framework is dead (Logging::filters not found).\n"); printf("Logging framework is dead (Log::filters not found).\n");
return false; return false;
} }
@ -448,7 +448,7 @@ function logging_log%(index: string, rec: any%): any
// Get the file with the "path" name found above for this filter. // Get the file with the "path" name found above for this filter.
// Open a new file is one does not exist yet. // Open a new file is one does not exist yet.
TableVal *logging_files = opt_internal_table("Logging::files"); TableVal *logging_files = opt_internal_table("Log::files");
Val *ff = logging_files->Lookup(path); Val *ff = logging_files->Lookup(path);
if ( !ff ) if ( !ff )
{ {